Hi Patrick,
> Upstream we actually have a pool of Citrix Netscalers – but when we tried making use of the Citrix recommended DoS features, we found that we ended up hitting up many false positives (just due to the legitimate “background noise” that individual users generated). Perhaps there is a way for the Netscalers to handle URL based rules (with counters), but the Netscalers seem to be more focused on protection against massive DoS style events.
The Netscalers will 100% support the logic to filter out a subset of
requests by URL (probably using a regular expression) and apply a rate
limit only to those.
Alternatively, you could try filtering out the requests in question
and sending them to a separate virtual service: one with a low
"maximum connections" limit to force connections to queue if there's a
sudden spike in traffic.
Not sure what the exact Citrix terminology would be or which buttons
you'd need to press (I work for a competing vendor ;) ), but I'd be
surprised if those scenarios aren't supported.
Thanks,
Andrew
--
Andrew Howe
Loadbalancer.org Ltd.
www.loadbalancer.org
+1 888 867 9504 / +44 (0)330 380 1064
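
The approach described in the reply above, sketched in Python as an added example (not part of the original message and not Citrix or Loadbalancer.org configuration): a regular expression selects the requests to protect and only those are counted per client, so ordinary traffic to other URLs never triggers the limit. The `/login` pattern, the limit of 3 per 60 seconds, and the sample traffic are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque


class UrlScopedRateLimiter:
    """Sliding-window limiter that counts only requests whose path matches a pattern."""

    def __init__(self, pattern, max_requests, window_seconds):
        self.pattern = re.compile(pattern)
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)  # client -> timestamps of counted requests

    def allow(self, client, path, now):
        # Requests outside the protected URL set are never counted or limited.
        if not self.pattern.search(path):
            return True
        recent = self.hits[client]
        # Drop timestamps that have aged out of the window.
        while recent and now - recent[0] >= self.window:
            recent.popleft()
        if len(recent) >= self.max_requests:
            return False
        recent.append(now)
        return True


# Constructed sample traffic: (time in seconds, client, path).
SAMPLE_REQUESTS = [
    (0, "10.0.0.5", "/static/app.js"),
    (1, "10.0.0.5", "/static/app.css"),
    (1, "10.0.0.9", "/login"),
    (2, "10.0.0.9", "/login"),
    (3, "10.0.0.5", "/login"),
    (3, "10.0.0.9", "/login"),
    (4, "10.0.0.9", "/login"),       # 4th protected hit inside the window
    (5, "10.0.0.5", "/images/logo.png"),
    (6, "10.0.0.9", "/index.html"),  # same client, unprotected URL
    (70, "10.0.0.9", "/login"),      # earlier hits have aged out
]


def blocked(requests, limiter):
    """Replay requests in order and return the ones the limiter rejects."""
    return [(t, c, p) for t, c, p in requests if not limiter.allow(c, p, t)]


if __name__ == "__main__":
    limiter = UrlScopedRateLimiter(r"^/login\b", max_requests=3, window_seconds=60)
    for entry in blocked(SAMPLE_REQUESTS, limiter):
        print("rejected:", entry)
```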