speed limit for web server users ?

bax2 · January 4, 2024, 12:44pm

Hello everbody an happy new year!

I need to make script for speed limit for web server users.
What I done till now:
Make all nat from wan to web server.
Make web server queue (IP=192.168.11.100)

/queue simple
add burst-time=10s/10s limit-at=100M/100M max-limit=1G/1G name=debian-server \
    priority=3/3 queue=ethernet-default/ethernet-default target=\
    192.168.11.100/32 total-priority=3

Make detect web server visitors and add them IP to list web-server-visitors
This works fine.

/ip firewall layer7-protocol
add name=ssl regexp=\
    "^(.\?.\?\\x16\\x03.*\\x16\\x03|.\?.\?\\x01\\x03\\x01\?.*\\x0b)"

/ip firewall mangle
add action=add-dst-to-address-list address-list=web-server-visitors \
    address-list-timeout=1h chain=postrouting comment=\
    "web-server-visitors IP add to adress-list " dst-address-list=\
    !our-network layer7-protocol=ssl src-address=192.168.11.100
add action=add-dst-to-address-list address-list=web-server-visitors \
    address-list-timeout=1h chain=postrouting comment=\
    "web-server-visitors IP add to adress-list " dst-address-list=\
    !our-network protocol=tcp src-address=192.168.11.100 src-port=443

Then I make torch on simple queue for my web server an manualy add heavy users to child queue:
This looks like this:

/queue simple add dst=95.168.105.24/32 max-limit=10M/10M name=queue parent=debian-server \
    queue=ethernet-default/ethernet-default target=192.168.11.100/32

and is working fine.

Now im try to make script which will first remove current users (old users) and add all new user as child queue .
So first line is ok and looks like this:

/queue simple remove [ find where parent="debian-server" ]

Well I dont know how to make rest of nedeed part where script add user from my list web-server-visitors.
I was try somethig like this but it not working:

/queue simple add dst={ /ip firewall address-list :foreach x in=[find where="web-server-visitors"] } max-limit=10M/10M name=queue parent=debian-server queue=ethernet-default/ethernet-default target=192.168.11.100/32

Any help is welcome. Thanks.
edit: Im using v6.49.10 on hex (mmips)

bax2 · January 6, 2024, 10:35am

For now I almost ended till last part where i have error:

#remove old visitors OK
/queue simple remove [ find where parent="debian-server" ]

#search for new visitors OK
:local addrList {[/ip firewall address-list find where list="web-server-visitors"]
:local addrCount [:len $addrList]}

:for i from=0 to=($addrCount-1) do={
  :local addrItem [:pick $addrList $i]}

:local ipAddress [/ip firewall address-list get $addrItem address]
 
:local queueName ("queue-" . $ipAddress)
 

#Creating new queue simple for visitors BAD
/queue simple add dst=$ipAddress/32 max-limit=10M/10M name=$queueName parent=debian-server queue=ethernet-default/ethernet-default target=$ipAddress/32

error:expected end of command (line 1 column 33)
Any ideas?

EDIT:I tried different variations of commands with the help of Chatgpt. I always get some error like ;
expected end of command (line 5 column 148) in target=$ipAddress/32

So finally ChatGpt give me advice to try here on forum or contact mikrotik suport
Can one of the experienced users confirm for me that this is a bug in the mikrotik of the given version (6.49.10) and whether it works in another version of mikrotik?