Varnish 3.x Throttling

I’ve been using varnish throttling lately to mitigate attacks and crawlers, and thought I’d share how I was able to get the module implemented on my ubuntu hosts.

First of all, you’ll need to build the throttle vmod.

Install the packages needed, including varnish :

sudo apt-get install varnish autotools-dev automake1.9 libtool autoconf libncurses-dev xsltproc groff-base libpcre3-dev pkg-config libjemalloc-dev libedit-dev

Grab the sources needed.

varnish-3.0.5 is what currently installs with ubuntu, so get the source tarball from this page :

libvmod-throttle can be obtained here :

Extract the tarball and clone the repo into adjacent directories.

Now build varnish. Don’t need to install it, you just need to make it.

cd varnish-3.0.5

Now you can build the module.

cd libvmod-throttle
./configure VARNISHSRC=../varnish-3.0.5 VMODDIR=/usr/lib/x86_64-linux-gnu/varnish/vmods
sudo make install

You should be all built and ready for the configuration.

You’ll need to add the following lines to the top of your main varnish configuration file (probably /etc/varnish/default.vcl) :

import std;
import throttle;

In the vcl_recv section, you can use something like the following to limit connections from a given source. This assumes you’re behind a proxy of some kind, but the X-Forwarded-For could be changed as needed.

if (throttle.is_allowed("ip:" + req.http.X-Forwarded-For + ":req:" + req.url, "100req/5m") > 0s) {
error 429 "Too many requests from " + req.http.X-Forwarded-For + ", please try again later.";

I’ve found this reduces the effects of dictionary attacks against my sites significantly.

The examples on the github page a pretty easy to follow and show some pretty clever rules and techniques to help make sure that legit traffic is getting processed.

Varnish 3.x Throttling