Hi guys,

I'm trying out the rate limit feature in 1.5-dev2. My config is
below. It appears to work in the sense that after the limit the
connection is dropped, but I actually want the connection to go to the
error backend, rather than the webserver backend and get dropped. I'm
guessing my logic in the frontend config is wrong rather than it being
a bug.

Thanks,
Matt

defaults
    mode http
    option httplog
    option log-separate-errors
    option httpchk HEAD /available HTTP/1.0
    monitor-uri /haproxy_test
    option allbackups
    http-check disable-on-404
    retries 3
    option redispatch
    maxconn 2000
    timeout connect 5s
    timeout client 60s
    timeout server 60s
    timeout http-request 10s
    timeout http-keep-alive 2s
    timeout check 10s

frontend ha-01-apache *:80
    log 127.0.0.1:516 local0 info
    option http-pretend-keepalive
    stick-table type ip size 200k expire 10m store gpc0
    acl source_is_abuser src_get_gpc0(http) gt 0
    use_backend error if source_is_abuser
    tcp-request connection track-sc1 src if ! source_is_abuser
    acl apache_01 hdr_sub(host) -i example.com
    use_backend webserver if apache_01

backend webserver
    log 127.0.0.1:516 local0 info
    option http-server-close
    stick-table type ip size 200k expire 30s store conn_rate(100s)
    tcp-request content track-sc2 src
    acl conn_rate_abuse sc2_conn_rate gt 5
    acl mark_as_abuser sc1_inc_gpc0 gt 0
    tcp-request content reject if conn_rate_abuse mark_as_abuser
    server apache 127.0.0.1:81 check inter 15s rise 2 fall 2

backend error
    errorfile 503 /etc/haproxy/errorfiles/503.http