I am trying to make an haproxy config where if an IP visits the server then
I'll track it in a stick-table and increment the gpc.
If my capacity1 server gets marked down I want to only allow incoming
requests from IP addresses that already appear in that stick-table.  The
full config is shown below.

I am using socat and haproxy's stats to view the contents of the
stick-table, and I see the gpc0 counter variable getting incremented on
every request.  But when the capacity server gets marked as down then every
incoming request, even from IPs with positive gpc0 values, gets blocked
immediately.

Any suggestions? This is on 1.5-dev3.


global
        maxconn 30000
        ulimit-n 65536
        log     127.0.0.1 local0
        log     127.0.0.1 local1 debug
        stats socket /var/run/haproxy.stat mode 600 level operator

defaults
        stats uri /stats
        mode http
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

backend capacity
        option httpchk GET /
        server capacity1 127.0.0.1:81 check rise 1 fall 1

backend thebackend
        stick-table type ip size 5 expire 30s store gpc0
        tcp-request content  track-sc1 src
        acl mark_seen sc1_inc_gpc0
        tcp-response content accept if TRUE mark_seen
        server union1 x.x.x.x:80


frontend http_proxy
        bind *:80
        mode http
        option forwardfor
        default_backend thebackend
        acl have_capacity srv_is_up(capacity/capacity1)
        acl source_is_new src_get_gpc0 eq 0
        block if !have_capacity source_is_new
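
Added example, not part of the original post: a small parser for the "show table thebackend" output read over the stats socket with socat, used to list which source IPs the intended policy would admit while capacity1 is down. The sample output is constructed, and the function names (parse_show_table, would_be_admitted) are hypothetical.

```python
import ipaddress
import re

# Constructed sample of what the stats socket returns for
# "show table thebackend"; addresses are documentation ranges.
SAMPLE = """\
# table: thebackend, type: ip, size:5, used:3
0x1a2b3c0: key=192.0.2.10 use=0 exp=21840 gpc0=4
0x1a2b420: key=192.0.2.11 use=1 exp=29990 gpc0=1
0x1a2b480: key=198.51.100.7 use=0 exp=120 gpc0=0
"""

HEADER = re.compile(r"^# table: ([^,]+), type: (\w+), size:(\d+), used:(\d+)")
ENTRY = re.compile(r"^0x[0-9a-fA-F]+: key=(\S+)\s+(.*)$")


def parse_show_table(text):
    """Return (header, entries) where entries maps ip -> {field: int}."""
    header, entries = None, {}
    for line in text.splitlines():
        line = line.strip()
        m = HEADER.match(line)
        if m:
            header = {"name": m.group(1), "type": m.group(2),
                      "size": int(m.group(3)), "used": int(m.group(4))}
            continue
        m = ENTRY.match(line)
        if not m:
            continue  # blank line, prompt, or anything unrecognised
        fields = {}
        for pair in m.group(2).split():
            key, _, value = pair.partition("=")
            if value.isdigit():
                fields[key] = int(value)
        entries[ipaddress.ip_address(m.group(1))] = fields
    return header, entries


def would_be_admitted(entries, src, have_capacity):
    """Policy the post describes: with capacity1 down, admit only
    sources already in the table with gpc0 > 0. A source whose entry
    has expired (30s in the posted config) counts as new again."""
    if have_capacity:
        return True
    return entries.get(ipaddress.ip_address(src), {}).get("gpc0", 0) > 0


if __name__ == "__main__":
    header, entries = parse_show_table(SAMPLE)
    print(header)
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(ip, would_be_admitted(entries, ip, have_capacity=False))
```

Comparing this expected result with what haproxy actually does for the same source IP separates a counter that is not being stored from an ACL that is not reading it.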
