I solved my problem.
The issue was I needed to specify the correct stick-table in the
src_get_gpc0 call. The corrected line is:
acl source_is_new src_get_gpc0*(thebackend)* eq 0
On Thu, Mar 10, 2011 at 7:52 PM, Cory Forsyth <[email protected]>wrote:
> I am trying to make an haproxy config where if an IP visits the server then
> I'll track it in a stick-table and increment the gpc.
> If my capacity1 server gets marked down I want to only allow incoming
> requests from IP addresses that already appear in that stick-table. The
> full config is shown below.
>
> I am using socat and haproxy's stats to view the contents of the
> stick-table, and I see the gpc0 counter variable getting incremented on
> every request. But when the capacity server gets marked as down than every
> incoming request, even from IPs with positive gpc0 values, gets blocked
> immediately.
>
> Any suggestions? This is on 1.5-dev3.
>
>
> global
> maxconn 30000
> ulimit-n 65536
> log 127.0.0.1 local0
> log 127.0.0.1 local1 debug
> stats socket /var/run/haproxy.stat mode 600 level operator
>
> defaults
> stats uri /stats
> mode http
> timeout connect 5000ms
> timeout client 50000ms
> timeout server 50000ms
>
> backend capacity
> option httpchk GET /
> server capacity1 127.0.0.1:81 check rise 1 fall 1
>
> backend thebackend
> stick-table type ip size 5 expire 30s store gpc0
> tcp-request content track-sc1 src
> acl mark_seen sc1_inc_gpc0
> tcp-response content accept if TRUE mark_seen
> server union1 x.x.x.x:80
>
>
> frontend http_proxy
> bind *:80
> mode http
> option forwardfor
> default_backend thebackend
> acl have_capacity srv_is_up(capacity/capacity1)
> acl source_is_new src_get_gpc0 eq 0
> block if !have_capacity source_is_new
>
--
[image: Follow me on twitter] <http://movableink.com/twitter_pics/244/link>get
your own Movable Ink <http://movableink.com/?s=sig>