proxyd: Add rate limit logging (#3173)
This commit is contained in:
parent
e8c202d30a
commit
7a2b4bdf45
@ -1,7 +1,6 @@
|
|||||||
package integration_tests
|
package integration_tests
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"fmt"
|
|
||||||
"net/http"
|
"net/http"
|
||||||
"os"
|
"os"
|
||||||
"testing"
|
"testing"
|
||||||
@ -68,7 +67,6 @@ func TestFrontendMaxRPSLimit(t *testing.T) {
|
|||||||
h.Set("Origin", "exempt_origin")
|
h.Set("Origin", "exempt_origin")
|
||||||
client := NewProxydClientWithHeaders("http://127.0.0.1:8545", h)
|
client := NewProxydClientWithHeaders("http://127.0.0.1:8545", h)
|
||||||
_, codes := spamReqs(t, client, 429)
|
_, codes := spamReqs(t, client, 429)
|
||||||
fmt.Println(codes)
|
|
||||||
require.Equal(t, 3, codes[200])
|
require.Equal(t, 3, codes[200])
|
||||||
})
|
})
|
||||||
|
|
||||||
|
@ -196,14 +196,16 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
|
|||||||
ctx, cancel = context.WithTimeout(ctx, s.timeout)
|
ctx, cancel = context.WithTimeout(ctx, s.timeout)
|
||||||
defer cancel()
|
defer cancel()
|
||||||
|
|
||||||
exemptOrigin := s.limExemptOrigins[strings.ToLower(r.Header.Get("Origin"))]
|
origin := r.Header.Get("Origin")
|
||||||
exemptUserAgent := s.limExemptUserAgents[strings.ToLower(r.Header.Get("User-Agent"))]
|
userAgent := r.Header.Get("User-Agent")
|
||||||
|
exemptOrigin := s.limExemptOrigins[strings.ToLower(origin)]
|
||||||
|
exemptUserAgent := s.limExemptUserAgents[strings.ToLower(userAgent)]
|
||||||
|
// Use XFF in context since it will automatically be replaced by the remote IP
|
||||||
|
xff := stripXFF(GetXForwardedFor(ctx))
|
||||||
var ok bool
|
var ok bool
|
||||||
if exemptOrigin || exemptUserAgent {
|
if exemptOrigin || exemptUserAgent {
|
||||||
ok = true
|
ok = true
|
||||||
} else {
|
} else {
|
||||||
// Use XFF in context since it will automatically be replaced by the remote IP
|
|
||||||
xff := stripXFF(GetXForwardedFor(ctx))
|
|
||||||
if xff == "" {
|
if xff == "" {
|
||||||
log.Warn("rejecting request without XFF or remote IP")
|
log.Warn("rejecting request without XFF or remote IP")
|
||||||
ok = false
|
ok = false
|
||||||
@ -214,6 +216,15 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
|
|||||||
if !ok {
|
if !ok {
|
||||||
rpcErr := ErrOverRateLimit.Clone()
|
rpcErr := ErrOverRateLimit.Clone()
|
||||||
rpcErr.Message = s.limConfig.ErrorMessage
|
rpcErr.Message = s.limConfig.ErrorMessage
|
||||||
|
RecordRPCError(ctx, BackendProxyd, "unknown", rpcErr)
|
||||||
|
log.Warn(
|
||||||
|
"rate limited request",
|
||||||
|
"req_id", GetReqID(ctx),
|
||||||
|
"auth", GetAuthCtx(ctx),
|
||||||
|
"user_agent", userAgent,
|
||||||
|
"origin", origin,
|
||||||
|
"remote_ip", xff,
|
||||||
|
)
|
||||||
writeRPCError(ctx, w, nil, rpcErr)
|
writeRPCError(ctx, w, nil, rpcErr)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
@ -222,7 +233,7 @@ func (s *Server) HandleRPC(w http.ResponseWriter, r *http.Request) {
|
|||||||
"received RPC request",
|
"received RPC request",
|
||||||
"req_id", GetReqID(ctx),
|
"req_id", GetReqID(ctx),
|
||||||
"auth", GetAuthCtx(ctx),
|
"auth", GetAuthCtx(ctx),
|
||||||
"user_agent", r.Header.Get("user-agent"),
|
"user_agent", userAgent,
|
||||||
)
|
)
|
||||||
|
|
||||||
body, err := ioutil.ReadAll(io.LimitReader(r.Body, s.maxBodySize))
|
body, err := ioutil.ReadAll(io.LimitReader(r.Body, s.maxBodySize))
|
||||||
|
Loading…
Reference in New Issue
Block a user