Community discussions

MikroTik App
  4. RouterOS
  5. Scripting

speed limit for web server users ?

Post Reply
 
bax2
just joined
Topic Author
Posts: 3
Joined: Thu Oct 19, 2023 9:19 am

speed limit for web server users ?

Thu Jan 04, 2024 2:44 pm

Hello everbody an happy new year!

I need to make script for speed limit for web server users.
What I done till now:
Make all nat from wan to web server.
Make web server queue (IP=192.168.11.100)
Code: Select all
/queue simple
add burst-time=10s/10s limit-at=100M/100M max-limit=1G/1G name=debian-server \
    priority=3/3 queue=ethernet-default/ethernet-default target=\
    192.168.11.100/32 total-priority=3
Make detect web server visitors and add them IP to list web-server-visitors
This works fine.
Code: Select all
/ip firewall layer7-protocol
add name=ssl regexp=\
    "^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

/ip firewall mangle
add action=add-dst-to-address-list address-list=web-server-visitors \
    address-list-timeout=1h chain=postrouting comment=\
    "web-server-visitors IP add to adress-list " dst-address-list=\
    !our-network layer7-protocol=ssl src-address=192.168.11.100
add action=add-dst-to-address-list address-list=web-server-visitors \
    address-list-timeout=1h chain=postrouting comment=\
    "web-server-visitors IP add to adress-list " dst-address-list=\
    !our-network protocol=tcp src-address=192.168.11.100 src-port=443
Then I make torch on simple queue for my web server an manualy add heavy users to child queue:
This looks like this:
Code: Select all
/queue simple add dst=95.168.105.24/32 max-limit=10M/10M name=queue parent=debian-server \
    queue=ethernet-default/ethernet-default target=192.168.11.100/32
and is working fine.

Now im try to make script which will first remove current users (old users) and add all new user as child queue .
So first line is ok and looks like this:
Code: Select all
/queue simple remove [ find where parent="debian-server" ]
Well I dont know how to make rest of nedeed part where script add user from my list web-server-visitors.
I was try somethig like this but it not working:
Code: Select all
/queue simple add dst={ /ip firewall address-list :foreach x in=[find where="web-server-visitors"] } max-limit=10M/10M name=queue parent=debian-server queue=ethernet-default/ethernet-default target=192.168.11.100/32
Any help is welcome. Thanks.
edit: Im using v6.49.10 on hex (mmips)
Last edited by bax2 on Sat Jan 06, 2024 1:26 pm, edited 1 time in total.
Top
 
bax2
just joined
Topic Author
Posts: 3
Joined: Thu Oct 19, 2023 9:19 am

Re: speed limit for web server users ?

Sat Jan 06, 2024 12:35 pm

For now I almost ended till last part where i have error:
Code: Select all
#remove old visitors OK
/queue simple remove [ find where parent="debian-server" ]

#search for new visitors OK
:local addrList {[/ip firewall address-list find where list="web-server-visitors"]
:local addrCount [:len $addrList]}

:for i from=0 to=($addrCount-1) do={
  :local addrItem [:pick $addrList $i]}

:local ipAddress [/ip firewall address-list get $addrItem address]
 
:local queueName ("queue-" . $ipAddress)
 

#Creating new queue simple for visitors BAD
/queue simple add dst=$ipAddress/32 max-limit=10M/10M name=$queueName parent=debian-server queue=ethernet-default/ethernet-default target=$ipAddress/32
error:expected end of command (line 1 column 33)
Any ideas?

EDIT:I tried different variations of commands with the help of Chatgpt. I always get some error like ;
expected end of command (line 5 column 148) in target=$ipAddress/32

So finally ChatGpt give me advice to try here on forum ;) or contact mikrotik suport ;)
Can one of the experienced users confirm for me that this is a bug in the mikrotik of the given version (6.49.10) and whether it works in another version of mikrotik?
Top
Post Reply

Who is online

Users browsing this forum: No registered users and 6 guests
  4. RouterOS
  5. Scripting