Advanced Use Cases for Peakhour.IO
This tutorial covers advanced use cases for Peakhour.IO.
Rate Limiting Based on Origin Server Response
This use case demonstrates how to use the Rate Limit Request and Rate Limit Response phases to limit requests based on the origin server's response.
Failed Login Rate Limiting
Set up a rate limit zone for failed logins in the Rate Limit Request phase:
Wirefilter:
Configuration:
In the Rate Limit Response phase, check for a failed login response and add the client to a more restrictive zone:
Wirefilter:
Configuration:
rate_limit.add_zone:
  zone: "failed_logins"
  key:
    - type: "ip"
rate_limit.check_zone:
  zone: "failed_logins"
  action:
    type: "block"
    status_code: 429
This configuration creates two rate limit zones: one for all login attempts and another for failed logins.
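The two-phase flow described above, as an added Python simulation (not Peakhour's code and not part of the original tutorial): the request phase checks the failed_logins zone and the response phase adds the client to it when the origin reports a failed login. The Zone class, the 3-failures-per-60-seconds limit, the 401 failure status, the phase split and the sample traffic are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class Zone:
    """Sliding-window counter keyed by client IP (illustrative only)."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def _prune(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that have aged out of the window
        return q

    def add(self, key, now):
        self._prune(key, now).append(now)

    def exceeded(self, key, now):
        return len(self._prune(key, now)) >= self.limit

# Assumed values: 3 failures per 60 s; the origin answers a bad login with 401.
failed_logins = Zone(limit=3, window=60)
FAILED_STATUS = 401

def origin(path, password):
    """Stand-in origin server for the constructed traffic below."""
    if path != "/login":
        return 200
    return 200 if password == "correct" else FAILED_STATUS

def handle(ip, path, password, now):
    # Request phase: check the zone before the origin is contacted.
    if path == "/login" and failed_logins.exceeded(ip, now):
        return 429  # blocked at the edge; the origin never sees the request
    status = origin(path, password)
    # Response phase: only a failed login adds the client to the zone.
    if path == "/login" and status == FAILED_STATUS:
        failed_logins.add(ip, now)
    return status

def replay(events):
    failed_logins.hits.clear()  # start every replay from an empty zone
    return [handle(*e) for e in events]

# Constructed traffic: (ip, path, password, time in seconds)
EVENTS = [("203.0.113.7", "/login", "guess%d" % i, i) for i in range(4)]
EVENTS += [("203.0.113.7", "/login", "correct", 10),   # still blocked
           ("198.51.100.9", "/login", "correct", 11),  # other client unaffected
           ("203.0.113.7", "/login", "correct", 70)]   # window has expired
```

Because only failed responses are counted, a client that logs in successfully is never added to the zone, while a blocked client stays blocked even with the correct password until its failures age out of the window.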
404 Error Rate Limiting
Rate limit clients that generate too many 404 errors:
Wirefilter:
Configuration:
rate_limit.add_zone:
  zone: "not_found_errors"
  key:
    - type: "ip"
rate_limit.check_zone:
  zone: "not_found_errors"
  action:
    type: "challenge"
    status_code: 403
This configuration challenges clients that generate an excessive number of 404 errors.
Bot Challenges for Login Section
Protect your login page from automated attacks:
Wirefilter:
Configuration:
This configuration challenges unverified bots attempting to access the login page.
Securing API Endpoints with TLS Fingerprinting
Add security to your API endpoints:
Wirefilter:
Configuration:
This configuration blocks API access attempts from clients with unrecognised TLS fingerprints. Create a rule list named allowed_tls_fingerprints with the TLS fingerprints of your authorised clients.
Challenging Requests from Data Centres
Protect against potential abuse from data centre IP ranges:
Wirefilter:
Configuration:
This configuration challenges requests originating from known data centre IP ranges. Create a rule list named data_centre_asns with the ASNs of major data centres.