Hello, I have a sticky table for ip checks against high connection rate (for testing purposes it's set now to 3 connections in 10 seconds):

    frontend lb-useast
        ...
        tcp-request content track-sc0 src
        stick-table type ip size 500k expire 30s store conn_cur,conn_rate(10s),http_req_rate(10s),http_err_rate(10s)
        http-request add-header X-Haproxy-ACL %[req.fhdr(X-Haproxy-ACL,-1)]over-3-connections-in-10-seconds, if { src_conn_rate gt 3 }
        ...
        default_backend logger

    backend logger
        server localhost localhost:55555 send-proxy

    frontend logger
        ...
        acl whitelisted req.fhdr(X-Haproxy-ACL) -m beg whitelisted,
        acl fail-validation req.fhdr(X-Haproxy-ACL) -m found
        http-request deny if !whitelisted fail-validation
        ...

When I run 3 curl requests in a row, the table shows there were 5 connections with 1 failed:

    # echo "show table lb-useast" | socat - unix:/var/lib/haproxy/stats
    # table: lb-useast, type: ip, size:512000, used:1
    0x24b3628: key=x.y.222.4 use=0 exp=26100 conn_rate(10000)=5 conn_cur=0 http_req_rate(10000)=3 http_err_rate(10000)=1

The curl command is pretty straightforward:

    for ((i=1;i<=3;i++)); do curl -s http://uat.my.com/privacy.html > /dev/null; echo $i; done

How does haproxy count connections, so it gets 5 instead of 3?

PS haproxy version is 1.5.4

--
Best regards,
Alex