Getting started with an ARL profile
ARL (Advanced Rate Limiter) is a module for controlling and limiting the load on web apps. The module allows you to set a limit on the number of HTTP requests over a certain period of time. All requests above the limit will be blocked. You can set a single limit for all traffic or configure different limits to segment requests by certain parameters. For the purposes of limits, you can count requests one by one or group them together based on specified characteristics.
Create your first ARL profile and connect it to an existing Yandex Smart Web Security security profile.
If you have not configured a security profile yet, create it and connect it to a virtual host of an Yandex Application Load Balancer L7 load balancer. For more information, see Getting started with a security profile.
To get started with ARL:
Prepare your cloud
Sign up for Yandex Cloud and create a billing account:
- Go to the management console and log in to Yandex Cloud or create an account if you do not have one yet.
- On the Yandex Cloud Billing page, make sure you have a billing account linked and it has the
ACTIVEorTRIAL_ACTIVEstatus. If you do not have a billing account, create one.
If you have an active billing account, you can go to the cloud page to create or select a folder for your infrastructure to operate in.
Learn more about clouds and folders.
Create an ARL profile
-
In the management console, select the folder where you want to create your ARL profile.
-
In the list of services, select Smart Web Security.
-
Go to the ARL profiles tab and click Create ARL profile.
-
Describe a scenario of using ARL features in your projects and click Submit request.
Once your request is approved, you can proceed to create an ARL profile.
-
Enter a name for the profile, e.g.,
test-arl-profile-1. -
Add profile description and labels if needed.
-
Click Create.
Configure rules
-
Click Add a rule on the ARL profile's review page that opens.
-
Enter a name for the rule, e.g.,
arl-rule-1. -
In the Priority field, set the rule's priority within the ARL profile, e.g.,
1000. -
(Optional) To test the ARL rule, enable the Logging only (Dry run) mode. Requests will not be blocked in this mode.
-
Under Traffic conditions, select All traffic or With a condition.
-
To set traffic conditions, select one or more items from the Conditions list:
IP: IP address, IP address range, or IP address region.HTTP header: String in the HTTP header.HTTP body: String in the HTTP packet body.Request path: Request path.Host: Domain receiving the request.HTTP method: Request method.Cookie: String in the cookie header.
-
Under Request counting, select how to count requests for limit application purposes:
- No grouping: Counting each request individually.
- Grouping by property: Counting the number of request groups sharing one or multiple common properties.
- Select a grouping property:
Request path: Request path.HTTP method: Request method.IP address: IP address the request came from.Region: IP address region of the requests.Host: Domain receiving the request.HTTP cookie: String in the cookie header.HTTP header: String in the HTTP header.Query params: String in query parameters.
- (Optional) Enable Case-sensitive to put properties with the same values in different cases into different groups.
- Select a grouping property:
-
Specify the request limit and select the time interval, e.g.,
1000requests per1minute. -
Click Save rule.
Connect your ARL profile to a security profile
- Go to the Security profiles tab.
- From the list, select the security profile you want to connect your ARL profile to, e.g.,
test-sp1. - Click Edit.
- From the ARL profile list, select
test-arl-profile-1you created earlier. - Click Save.