Dynamically throttled website

Is there a way to add throttling to a website that increases as a site is repeatedly accessed and otherwise decreases over time?

I don't want to block the site entirely.

1 Like

I think opennds already has burst rate and then upload/download rate limiting?

Why do you need a more specific solution for one site?
I guess the main difference is you specifically need one site to be throttled?

Thank you. That's true, I am looking for a site-specific solution.

There are a few sites that contain some useful information and also tend to be huge time sinks.
I just want to dynamically throttle them without degrading access to other sites.

1 Like

Thanks for clarifying!

At some point I think this is rendered moot, as if you implement this you would need to ban all VPNs and other tunnels etc. too. There will be a workaround...

Do you control the client devices? Is this a work environment?

I don't have any experience with trying it for a specific site. Nor do I know whether anything that already exists in OpenWrt will do what you need =(

I've played with things like Suricata in inline mode to try to detect P2P traffic. Unsure if there are lists and applications for that, nor did I ever get to the "actively throttling traffic" stage with that project.

Can you speak to what level of experience you have with firewalls, Linux sysadmin and packet filtering etc.?

You effectively need bandwidth control for specific domains?
So something like nft-qos, but rather than the local network IP lists you want to put in public IPs and throttle those?

I can speak generically about the problem:

  • You need an IP list for the sites in question? - Similar to walled garden approach in opennds/dnsmasq?
  • Then set up some kind of filters with tc-full?

https://openwrt.org/docs/guide-user/network/traffic-shaping/packet.scheduler

https://openwrt.org/docs/guide-user/network/traffic-shaping/packet.scheduler.example2

I'm not too concerned about workarounds. This is for home use so the "customers" are me and my kids (my wife can opt in for restrictions if she wants).

I'm thinking of something similar to:

if <user> tries to access <site>:
  wait <delay> ms before accessing site
  increase <delay>

every minute:
  decrease <delay> (down to 0)

I'd describe my FW/Linux/packet filtering etc. experience as broad and shallow.

1 Like
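The escalating delay from the pseudocode in the post above, paired with the tc suggestion earlier in the thread, as an added example that is not part of the original posts. It assumes a netem qdisc already exists at `parent 1:4 handle 40:` on the LAN device and that only traffic to the throttled sites is steered into it; the device name, tunables, state file path and the caller-supplied hit count are all constructed for illustration. Note that netem delays every packet in that class, not only the first request.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: a netem qdisc already exists
# on $DEV at parent 1:4 handle 40:, and only traffic to the throttled sites is
# steered into it. HITS (accesses since the last tick) is supplied by the caller.
DEV="${DEV:-br-lan}"
STEP_MS="${STEP_MS:-250}"     # constructed value: added per access
DECAY_MS="${DECAY_MS:-100}"   # constructed value: removed on every tick
MAX_MS="${MAX_MS:-5000}"      # ceiling, so the site is slowed but never blocked
STATE="${STATE:-/tmp/site-throttle.delay}"

# is_uint VALUE: succeeds only for a non-negative integer without leading zeros
# (a leading zero would be read as octal by shell arithmetic).
is_uint() {
    case "$1" in
        ''|*[!0-9]*|0?*) return 1 ;;
        *) return 0 ;;
    esac
}

# next_delay CURRENT_MS HITS: prints the delay to use until the next tick.
next_delay() {
    if ! is_uint "$1" || ! is_uint "$2"; then return 1; fi
    d=$(( $1 - $DECAY_MS ))
    if [ "$d" -lt 0 ]; then d=0; fi
    d=$(( $d + $2 * $STEP_MS ))
    if [ "$d" -gt "$MAX_MS" ]; then d=$MAX_MS; fi
    echo "$d"
}

# tc_command DELAY_MS: prints the tc call that applies the delay.
tc_command() {
    echo "tc qdisc change dev $DEV parent 1:4 handle 40: netem delay ${1}ms"
}

# tick HITS: load the stored delay, update it, store it, print the tc call.
tick() {
    cur=0
    if [ -r "$STATE" ]; then read -r cur < "$STATE" || cur=0; fi
    is_uint "$cur" || cur=0
    new=$(next_delay "$cur" "$1") || return 1
    echo "$new" > "$STATE"
    tc_command "$new"
}

# Dry run once a minute (e.g. from cron): site-throttle.sh tick <hits>
if [ "${1:-}" = "tick" ]; then
    tick "${2:-0}"
fi
```

The script only prints the tc command; pipe its output to `sh` as root once the qdisc layout matches.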

Thanks for clarifying.

I don't have a solution for you other than have a look at the existing examples I linked whilst classifying the traffic appropriately.

I wouldn't know how to get some sort of sliding data rate.
But some further reading says tc does burst rates too?

First question is what is a site. If it is a web address, you have to fill an nftables set using dnsmasq and then flag that for rate limiting by qdisc (tcinfo) or downprioritize it (dscp set cs1 af11 or so).
If the site is in RFC meaning you have to use geoip for marking source.

1 Like

Hi @aprentic, this might indeed be a helpful way to combat these infinite scrolling time sinks! Did you get anything working?

I haven't yet. That's exactly why I was looking for this.

1 Like