-
Notifications
You must be signed in to change notification settings - Fork 779
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
APIs to get the h2 error codes and a plugin to use them (#10571)
- Loading branch information
Showing
10 changed files
with
545 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
.. Licensed to the Apache Software Foundation (ASF) under one | ||
or more contributor license agreements. See the NOTICE file | ||
distributed with this work for additional information | ||
regarding copyright ownership. The ASF licenses this file | ||
to you under the Apache License, Version 2.0 (the | ||
"License"); you may not use this file except in compliance | ||
with the License. You may obtain a copy of the License at | ||
http://www.apache.org/licenses/LICENSE-2.0 | ||
Unless required by applicable law or agreed to in writing, | ||
software distributed under the License is distributed on an | ||
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||
KIND, either express or implied. See the License for the | ||
specific language governing permissions and limitations | ||
under the License. | ||
.. include:: ../../common.defs | ||
.. _admin-plugins-block_errors: | ||
|
||
Block Errors Plugin | ||
******************* | ||
|
||
Description | ||
=========== | ||
The `block_errors` plugin blocks connections or downgrades the protocol from HTTP/2 to HTTP/1.1 for clients that have too many HTTP/2 errors on the server. | ||
|
||
The plugin tracks users based on their IP address and blocks them for a configurable amount of time. `block_errors` can be configured to either block or downgrade the protocol, only use HTTP/1.1, for any new connections. | ||
The existing connection that experience errors and is over the error limit will be closed. The plugin also supports on the fly configuration changes using the `traffic_ctl` command. | ||
|
||
|
||
Configuration | ||
============= | ||
|
||
To enable the `block_errors` plugin, insert the following line in :file:`plugin.config`: | ||
|
||
block_errors.so | ||
|
||
Additional configuration options are available and can be set in :file:`plugin.config`: | ||
|
||
block_errors.so <error limit> <timeout> <shutdown> <enable> | ||
|
||
- ``error limit``: The number of errors allowed before blocking the client. Default: 1000 (per minute) | ||
- ``timeout``: The time in minutes to block the client. Default: 4 (minutes) | ||
- ``shutdown``: Shutdown (1) or downgrade (0) the protocol for new connections. Default: 0 (downgrade to HTTP/1.1) | ||
- ``enable``: Enable (1) or disable (0) the plugin. Default: 1 (enabled) | ||
|
||
Example Configuration | ||
===================== | ||
|
||
block_errors.so 1000 4 0 1 | ||
|
||
Run Time Configuration | ||
====================== | ||
The plugin can be configured at run time using the `traffic_ctl` command. The following commands are available: | ||
|
||
- ``block_errors.error_limit``: Set the error limit. Takes a single argument, the number of errors allowed before blocking the client. | ||
- ``block_errors.timeout``: Set the block timeout. Takes a single argument, the number of minutes to block the client. | ||
- ``block_errors.shutdown``: Set the shutdown mode. Takes a single argument, 0 to downgrade to HTTP/1.1, 1 to close the connection. | ||
- ``block_errors.enable``: Enable or disable the plugin. Takes a single argument, 0 to disable, 1 to enable. | ||
|
||
Example Run Time Configuration | ||
============================== | ||
|
||
traffic_ctl plugin msg block_errors.error_limit 10000 | ||
|
||
traffic_ctl plugin msg block_errors.timeout 10 | ||
|
||
traffic_ctl plugin msg block_errors.shutdown 1 | ||
|
||
traffic_ctl plugin msg block_errors.enable 1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
####################### | ||
# | ||
# Licensed to the Apache Software Foundation (ASF) under one or more contributor license | ||
# agreements. See the NOTICE file distributed with this work for additional information regarding | ||
# copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 | ||
# (the "License"); you may not use this file except in compliance with the License. You may obtain | ||
# a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software distributed under the License | ||
# is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express | ||
# or implied. See the License for the specific language governing permissions and limitations under | ||
# the License. | ||
# | ||
####################### | ||
|
||
project(block_errors) | ||
|
||
add_atsplugin(block_errors | ||
block_errors.cc | ||
) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,20 @@ | ||
# Licensed to the Apache Software Foundation (ASF) under one | ||
# or more contributor license agreements. See the NOTICE file | ||
# distributed with this work for additional information | ||
# regarding copyright ownership. The ASF licenses this file | ||
# to you under the Apache License, Version 2.0 (the | ||
# "License"); you may not use this file except in compliance | ||
# with the License. You may obtain a copy of the License at | ||
# | ||
# http://www.apache.org/licenses/LICENSE-2.0 | ||
# | ||
# Unless required by applicable law or agreed to in writing, software | ||
# distributed under the License is distributed on an "AS IS" BASIS, | ||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | ||
# See the License for the specific language governing permissions and | ||
# limitations under the License. | ||
|
||
pkglib_LTLIBRARIES += experimental/block_errors/block_errors.la | ||
|
||
experimental_block_errors_block_errors_la_SOURCES = \ | ||
experimental/block_errors/block_errors.cc |
Oops, something went wrong.