Hi Cory,

On Tue, Mar 15, 2011 at 01:41:18PM -0500, Cory Forsyth wrote:
> I have an haproxy.conf like so. I'm trying to limit based on the concurrent
> connections.
>
> backend thebackend
>     stick-table type ip size 8k expire 5m store gpc0,conn_cur
>     tcp-request content track-sc1 src
>     acl mark_seen sc1_inc_gpc0
>     acl needs_increment src_get_gpc0(union) eq 0
>     tcp-response content accept if needs_increment mark_seen
>     server x.y.z:80
>
> backend over_concurrent_per_ip
>     option httplog
>     log 127.0.0.1 local1
>     block if TRUE
>
> frontend http_proxy
>     log 127.0.0.1 local0
>     log 127.0.0.1 local1 err
>     bind *:80
>     mode http
>     option forwardfor
>     option httplog
>     option log-separate-errors
>     default_backend thebackend
>     acl too_many_from_ip src_conn_cur(thebackend) gt 0
>     use_backend over_concurrent_per_ip if too_many_from_ip
>
>
> Whether I use "src_conn_cur" or sc1_conn_cur, with or without the table
> argument, this does not work. No matter how many concurrent connections per
> ip in the stick table, they never get denied.
>
> Any suggestions?

At first glance, I cannot spot anything wrong. Could you please enable the
stats socket and issue a "show table" request there using socat? It would
be helpful to see if the entries are really stored or are ignored, so that we
know whether it's the matching that fails or the store.

Regards,
Willy
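The check requested above, as an added example that is not part of the original thread: query the stick-table over the stats socket and reduce the output to key, conn_cur and gpc0 per entry. The socket path, the function names and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Assumes the global section of haproxy.cfg contains:
#     stats socket /var/run/haproxy.stat     (path is an assumption)
SOCK=${SOCK:-/var/run/haproxy.stat}

# Ask the running haproxy for the contents of one stick-table.
show_table() {
    echo "show table $1" | socat stdio "unix-connect:$SOCK"
}

# Read "show table <name>" output on stdin and print "key conn_cur gpc0"
# for each stored entry. No output means nothing was stored (the store
# side fails); entries with conn_cur > 0 that are still not denied point
# at the matching side instead.
summarize_table() {
    awk '
        /^#/ { next }                       # table header line
        /key=/ {
            key = cur = gpc = "-"
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "key") key = kv[2]
                else if (kv[1] == "conn_cur") cur = kv[2]
                else if (kv[1] == "gpc0") gpc = kv[2]
            }
            print key, cur, gpc
        }'
}

# Constructed sample of "show table thebackend" output (not captured from
# a real system), matching the "store gpc0,conn_cur" table quoted above.
sample_output() {
    cat <<'EOF'
# table: thebackend, type: ip, size:8192, used:2
0x1d2c3b0: key=192.0.2.10 use=2 exp=299123 gpc0=1 conn_cur=2
0x1d2c4f8: key=198.51.100.7 use=0 exp=120456 gpc0=1 conn_cur=0
EOF
}

# Live use: show_table thebackend | summarize_table
sample_output | summarize_table
```
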

