resp.tarpit

VOIDresp.tarpitINTEGERinterval_sINTEGERchunk_size_bytes

Available indeliver

Limit the rate at which the response is sent to the client.

Tarpitting is an anti-abuse technique designed for situations in which directly closing the connection isn't appropriate. It can also be used to reduce the churn of opening and closing connections on the server side. By forcing a client to wait for every chunk of the response, a tarpit imposes more cost on a potential bad actor than your origin.

Tarpitting is applied only to responses of 4000 bytes or smaller.

Parameters

interval_s - How often the response chunks should be written to the network, in seconds.

chunk_size_bytes - The size of the response chunks to send, in bytes. Optional. Defaults to 100 bytes.

Example

The following example will force the client to wait for 5 seconds before emitting each 1000 bytes of the response.

sub vcl_deliver {
  if (resp.status == 403) { 
    resp.tarpit(5, 1000);
  }
}

Try it out

resp.tarpit is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.

Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.

Slowing down responses (tarpit)

Force a response to be delivered very slowly to reduce the rate at which an attacker can send requests.