You should simply disable the anti-dos protection to check the difference.
Also, I can recommend you to enable the stats socket in the global config,
so that you can inspect your tables or even delete entries:

    global
        # admin level is required for "clear table"
        stats socket /var/run/haproxy.sock level admin
        stats timeout 1d
Then from the command line:

    $ socat readline /var/run/haproxy.sock
    prompt
    show table
    show table mySite-webfarm
    clear table mySite-webfarm key 192.168.0.1
    etc...

Will try this
Also, I think that what you're experiencing is that your block levels
are too low and that once an IP is blocked, it remains blocked because
the user continues to try to access the site.
That's fairly impossible, why would static be missing then? No rate
limit on requests to static
Also, keep in mind that
the "use_backend" rules are processed last (I should add a warning to
remind about that when they're placed before tcp-request).
I would personally simplify your config like this (it does not need
to track two separate counters anymore):

    # one entry per source IP: a sticky flag (gpc0) plus a 10s connection rate
    stick-table type ip size 1m expire 5m store gpc0,conn_rate(10s)
    # an IP whose gpc0 was ever incremented is an abuser
    acl source_is_abuser src_get_gpc0 gt 0
    # only track IPs that are not yet marked, so a marked entry is not
    # refreshed by further attempts and expires 5m after the last tracked one
    tcp-request connection track-sc1 src if ! source_is_abuser
    acl conn_rate_abuse sc1_conn_rate gt 30
    # sc1_inc_gpc0 increments the flag as a side effect of being evaluated
    acl mark_as_abuser sc1_inc_gpc0 gt 0
    use_backend ease-up if source_is_abuser
    # mark_as_abuser is only evaluated (and gpc0 only incremented) when
    # conn_rate_abuse already matched
    use_backend ease-up if conn_rate_abuse mark_as_abuser
Regards,
Willy
Thank you,
Joe
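The behaviour of the simplified config above (a 10 s connection-rate window, a sticky gpc0 flag, and an entry that is no longer refreshed once its source is marked) is easy to misread, so here is a small Python model of it. This is an added example written for this thread, not HAProxy code and not something either poster provided; the stick-table semantics are simplified (a per-key expiry refreshed on every tracked connection, a sliding window for conn_rate), and the traffic fed to it is constructed.

```python
from collections import deque


class StickTable:
    """Minimal model of an HAProxy stick-table entry store.

    Each entry holds a gpc0 counter, the timestamps of recent connections
    (for conn_rate) and an expiry that is refreshed on every tracked update.
    Assumption: untracked lookups (src_get_gpc0) do not refresh the expiry.
    """

    def __init__(self, expire, rate_period):
        self.expire = expire            # seconds, like "expire 5m"
        self.rate_period = rate_period  # seconds, like "conn_rate(10s)"
        self.entries = {}

    def _purge(self, now):
        dead = [k for k, e in self.entries.items() if e["expires_at"] <= now]
        for k in dead:
            del self.entries[k]

    def get_gpc0(self, key, now):
        """src_get_gpc0: read the flag without creating or refreshing an entry."""
        self._purge(now)
        entry = self.entries.get(key)
        return entry["gpc0"] if entry else 0

    def track(self, key, now):
        """track-sc1: create/refresh the entry and record one connection."""
        self._purge(now)
        entry = self.entries.setdefault(key, {"gpc0": 0, "conns": deque()})
        entry["conns"].append(now)
        # drop connections that fell out of the conn_rate window
        while entry["conns"] and entry["conns"][0] <= now - self.rate_period:
            entry["conns"].popleft()
        entry["expires_at"] = now + self.expire
        return entry


def route(table, src, now, rate_limit=30):
    """Apply the config's rules to one new connection and return the backend."""
    # acl source_is_abuser src_get_gpc0 gt 0
    # use_backend ease-up if source_is_abuser
    if table.get_gpc0(src, now) > 0:
        return "ease-up"            # not tracked, so the entry is not refreshed
    # tcp-request connection track-sc1 src if ! source_is_abuser
    entry = table.track(src, now)
    # acl conn_rate_abuse sc1_conn_rate gt 30
    # acl mark_as_abuser sc1_inc_gpc0 gt 0   (only evaluated if the first matched)
    if len(entry["conns"]) > rate_limit:
        entry["gpc0"] += 1
        return "ease-up"
    return "mySite-webfarm"         # hypothetical default backend name


def demo():
    """Constructed traffic: one client opens 35 connections in 3.4 s, a normal
    client opens two, then the first client comes back at t=200 s and t=310 s.
    Returns (time, src, backend) for every connection."""
    events = [(i / 10, "10.0.0.5") for i in range(35)]
    events += [(1.05, "10.0.0.9"), (2.05, "10.0.0.9"),
               (200.0, "10.0.0.5"), (310.0, "10.0.0.5")]
    events.sort(key=lambda ev: ev[0])
    table = StickTable(expire=300, rate_period=10)
    return [(t, src, route(table, src, t)) for t, src in events]


if __name__ == "__main__":
    for t, src, backend in demo():
        print(f"t={t:6.2f}s  {src:10s} -> {backend}")
```

Running it shows the point of the `if ! source_is_abuser` condition: the 31st connection inside the window trips the rate check and sets gpc0, every later attempt from that IP goes to ease-up without touching the table, and because nothing refreshes the entry it expires 5 minutes after the last tracked connection, so the client gets a clean slate at t=310 s even though it kept trying at t=200 s. A client that is tracked on every attempt (the situation described earlier in the thread) would instead refresh its own expiry and stay blocked for as long as it keeps retrying.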