Re: proper way to use an acl + stick-table to filter based on conn_cur

From: Willy Tarreau <w#1wt.eu>
Date: Tue, 15 Mar 2011 22:17:50 +0100


Hi Cory,

On Tue, Mar 15, 2011 at 01:41:18PM -0500, Cory Forsyth wrote:
> I have an haproxy.conf like so. I'm trying to limit based on the concurrent
> connections.
>
> backend thebackend
>     stick-table type ip size 8k expire 5m store gpc0,conn_cur
>     tcp-request content track-sc1 src
>     acl mark_seen sc1_inc_gpc0
>     acl needs_increment src_get_gpc0(union) eq 0
>     tcp-response content accept if needs_increment mark_seen
>     server x.y.z:80
>
> backend over_concurrent_per_ip
>     option httplog
>     log 127.0.0.1 local1
>     block if TRUE
>
> frontend http_proxy
>     log 127.0.0.1 local0
>     log 127.0.0.1 local1 err
>     bind *:80
>     mode http
>     option forwardfor
>     option httplog
>     option log-separate-errors
>     default_backend thebackend
>     acl too_many_from_ip src_conn_cur(thebackend) gt 0
>     use_backend over_concurrent_per_ip if too_many_from_ip
>
>
> Whether I use "src_conn_cur" or sc1_conn_cur, with or without the table
> argument, this does not work. No matter how many concurrent connections per
> ip in the stick table, they never get denied.
>
> Any suggestions?

At first glance, I cannot spot anything wrong. Could you please enable the stats socket and issue a "show table" request there using socat? It would be helpful to see if the entries are really stored or are ignored, so that we know whether it's the matching that fails or the store.

Regards,
Willy

Received on 2011/03/15 22:17
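The check Willy asks for, as an added example that is not part of the original mail or of HAProxy itself: dump the stick-table over the stats socket and look at what is actually stored, so that a store failure can be told apart from a match failure. It assumes a "stats socket /var/run/haproxy.sock level admin" line in the global section (the path is a placeholder; Cory's config has none), socat installed, and the "show table" line format HAProxy prints ("0x<addr>: key=<ip> use=<n> exp=<ms> gpc0=<n> conn_cur=<n>"). The sample dump at the bottom is constructed so the filters run without a live haproxy.

```shell
#!/bin/sh
# Added example for this thread, not part of the original mail or of HAProxy.
# It follows Willy's suggestion: dump the stick-table over the stats socket
# and check whether entries (and their conn_cur counters) are really stored.
#
# Assumptions (none of these are in Cory's config):
#   - a "stats socket /var/run/haproxy.sock level admin" line in the global
#     section; the path below is a placeholder
#   - socat is installed
#   - the dump format is HAProxy's "show table" output:
#       # table: <name>, type: ip, size:8192, used:N
#       0x<addr>: key=<ip> use=<n> exp=<ms> gpc0=<n> conn_cur=<n>

SOCK="${HAPROXY_SOCK:-/var/run/haproxy.sock}"

# Ask the running haproxy for a table dump (needs the socket above).
show_table() {
    printf 'show table %s\n' "$1" | socat stdio "unix-connect:$SOCK"
}

# Number of stored entries in a dump read from stdin.
# A dump with only the "# table:" header means nothing is being stored,
# i.e. the track-sc1 line never fires for these requests.
count_entries() {
    awk '/^0x[0-9a-f]+: key=/ { n++ } END { print n + 0 }'
}

# Highest conn_cur value in a dump read from stdin. If entries exist but this
# stays 0 while clients are connected, conn_cur is not being counted and the
# ACL in the frontend cannot match regardless of how it is written.
max_conn_cur() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^conn_cur=/) {
                split($i, a, "=")
                if (a[2] + 0 > m) m = a[2] + 0
            }
    } END { print m + 0 }'
}

# Keys whose conn_cur exceeds $1, one per line, from a dump on stdin.
# This is the same condition "src_conn_cur(thebackend) gt N" evaluates,
# so comparing both tells you whether the store or the match is failing.
entries_over() {
    awk -v t="$1" '{
        key = ""; c = -1
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^key=/)      { split($i, a, "="); key = a[2] }
            if ($i ~ /^conn_cur=/) { split($i, b, "="); c = b[2] + 0 }
        }
        if (key != "" && c > t + 0) print key
    }'
}

# Constructed sample dump (made up for this example) so the filters can be
# exercised without a running haproxy. With a live socket use:
#   show_table thebackend | count_entries
SAMPLE_DUMP='# table: thebackend, type: ip, size:8192, used:3
0x1234560: key=192.0.2.10 use=2 exp=299876 gpc0=0 conn_cur=2
0x1234580: key=192.0.2.11 use=0 exp=299120 gpc0=0 conn_cur=0
0x12345a0: key=198.51.100.7 use=5 exp=298001 gpc0=1 conn_cur=5'

printf 'entries stored: %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | count_entries)"
printf 'highest conn_cur: %s\n' "$(printf '%s\n' "$SAMPLE_DUMP" | max_conn_cur)"
printf 'over limit (gt 0):\n'
printf '%s\n' "$SAMPLE_DUMP" | entries_over 0
```

Run it while a few clients hold connections open through the proxy. An empty dump points at the store side (the track-sc1 line in the backend never runs for those requests); a dump with conn_cur greater than 0 for the client's address while too_many_from_ip still never matches points at the ACL side. Later HAProxy releases can also do the filtering on the socket itself ("show table thebackend data.conn_cur gt 0"), which replaces the entries_over helper.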
