
@BrooksCunningham
Created November 18, 2021 22:37
Edge Rate Limiting Response Enrichment
# Snippet rate-limiter-v1-origin_waf_response-init-init : 100
# Begin rate-limiter webbots - Next Gen WAF Response
# Penalty box keyed by client IP. Entries are added in vcl_fetch and looked up
# in vcl_recv and vcl_deliver.
penaltybox rl_origin_waf_response_pb {}

# NOTE(review): this rate counter is declared but nothing in this listing
# increments or reads it. The penalty is therefore not rate-based: a single
# matching origin response is enough to put an address in the penalty box.
ratecounter rl_origin_waf_response_rc {}

# Request methods for which vcl_recv consults the penalty box. Only the keys
# are used (via table.contains); the "true" values are never read here.
# Methods not listed (for example PURGE) skip the penalty-box check entirely.
table rl_origin_waf_response_methods {
  "DELETE": "true",
  "GET": "true",
  "HEAD": "true",
  "OPTIONS": "true",
  "PATCH": "true",
  "POST": "true",
  "PUT": "true",
  "TRACE": "true",
}
# sub rl_origin_waf_response_process {
# declare local var.rl_origin_waf_response_limit INTEGER;
# declare local var.rl_origin_waf_response_window INTEGER;
# declare local var.rl_origin_waf_response_ttl TIME;
# declare local var.rl_origin_waf_response_entry STRING;
# set var.rl_origin_waf_response_limit = 20;
# set var.rl_origin_waf_response_window = 60;
# set var.rl_origin_waf_response_ttl = 10m;
# set var.rl_origin_waf_response_entry = client.ip;
# }
# End rate-limiter webbots - Next Gen WAF Response
# Start rate-limiter webbots - Next Gen WAF request evaluation
sub vcl_recv {
  # call rl_origin_waf_response_process;

  # Reject a request up front when the client address is already in the
  # penalty box. The check is limited to:
  #   - the first Fastly node to see the request (visits_this_service == 0),
  #   - the first pass through vcl_recv (no restarts),
  #   - methods listed in rl_origin_waf_response_methods.
  # Status 829 is an internal marker; vcl_error rewrites it to a 429.
  # NOTE(review): the key is client.ip, so clients sharing one address
  # (NAT, proxies) are penalised together.
  if (fastly.ff.visits_this_service == 0 && req.restarts == 0
      && table.contains(rl_origin_waf_response_methods, req.method)
      && ratelimit.penaltybox_has(rl_origin_waf_response_pb, client.ip)) {
    error 829 "Rate limiter: Too many requests for origin_waf_response";
  }
}
# End rate-limiter webbots - Next Gen WAF request evaluation
# Start check backend response status code
sub vcl_fetch {
  # Enrich edge rate limiting with the origin's verdict: when the backend
  # answers with one of the statuses below, the client address is placed in
  # the penalty box for 10 minutes and later requests are refused in vcl_recv.
  #
  # NOTE(review): 406 is presumably the blocking status returned by the WAF at
  # the origin - confirm against the WAF configuration.
  # NOTE(review): 206 is the normal status for a successful Range request, so
  # matching it can penalise legitimate clients (downloads, media). It looks
  # like a test value; confirm before using this outside a demo.
  # NOTE(review): unlike vcl_recv there is no fastly.ff.visits_this_service
  # guard here. If shielding is enabled, confirm what client.ip holds on the
  # shield node before relying on the entry added there.
  if (beresp.status == 206 || beresp.status == 406) {
    # NOTE(review): the message has no logging-endpoint prefix; verify it
    # actually reaches a log destination.
    log "406 or 206 response";
    ratelimit.penaltybox_add(rl_origin_waf_response_pb, client.ip, 10m);
  }
}
# End check backend response status code
# Start useful troubleshooting based on the response
sub vcl_deliver {
  # Troubleshooting aid: when the request carries "Fastly-Debug: 1", report in
  # a response header whether the client address is currently in the penalty box.
  # NOTE(review): the header is client-controlled, so any caller can ask for
  # this state. Restrict it (for example to trusted addresses) if that is
  # not intended.
  if (req.http.Fastly-Debug == "1") {
    set resp.http.X-ERL-PenaltyBox = ratelimit.penaltybox_has(rl_origin_waf_response_pb, client.ip);
  }
}
# End useful troubleshooting based on the response
sub vcl_error {
  # Snippet rate-limiter-v1-origin_waf_response-error-error : 100
  # Begin rate-limiter webbots - default edge rate limiting error - origin_waf_response

  # Translate the internal 829 raised in vcl_recv into a client-facing 429.
  # Both the status and the exact response text must match, so an 829 raised
  # with a different message is not rewritten by this handler.
  if (obj.status == 829) {
    if (obj.response == "Rate limiter: Too many requests for origin_waf_response") {
      set obj.status = 429;
      set obj.response = "Too Many Requests";
      set obj.http.Content-Type = "text/html";
      # The base64 body decodes to a minimal HTML page titled "Too Many Requests"
      # with the text "Too Many Requests to the site - Fastly Edge Rate Limiting".
      # NOTE(review): no Retry-After header is set, so well-behaved clients get
      # no hint of how long to back off.
      synthetic.base64 "PGh0bWw+Cgk8aGVhZD4KCQk8dGl0bGU+VG9vIE1hbnkgUmVxdWVzdHM8L3RpdGxlPgoJPC9oZWFkPgoJPGJvZHk+CgkJPHA+VG9vIE1hbnkgUmVxdWVzdHMgdG8gdGhlIHNpdGUgLSBGYXN0bHkgRWRnZSBSYXRlIExpbWl0aW5nPC9wPgoJPC9ib2R5Pgo8L2h0bWw+Cg==";
      return(deliver);
    }
  }
  # End rate-limiter webbots - default edge rate limiting error - origin_waf_response
}