Hi Michael,
On Thu, Jun 14, 2012 at 04:35:35PM +1000, Michael Kearey wrote:
> Hi all, if there is a bug report area please let me know.
>
> I have been using HAproxy 1.4 for some time, wonderful program, very
> reliable. I have come to need some features that exist in 1.5 dev, and
> built the dev 11 release. In testing the following no longer functions as
> it did in earlier dev releases like 10, 9 etc:
>
>
>
>
> frontend TEST
> bind 192.168.0.115:8081
> default_backend TEST
> option forwardfor
> log global
> option httplog clf
>
> # vulnerability scann protection
> stick-table type ip size 1m expire 10s store gpc0,http_err_rate(10s)
> tcp-request connection track-sc1 src
> tcp-request connection reject if { src_get_gpc0 gt 0 }
>
>
>
> backend TEST
> enabled
> balance roundrobin
> # If the source IP generated 10 or more http request over the
> defined period,
> # flag the IP as abuser on the frontend
> acl abuse src_http_err_rate(TEST) ge 10
> acl flag_abuser src_inc_gpc0(TEST)
> tcp-request content reject if abuse flag_abuser
>
> server qa1 192.168.0.113:80 weight 1 maxconn 5000 check
> server qa2 192.168.0.114:80 weight 1 maxconn 5000 check
>
>
>
> I may have narrowed down to the patch I think introduced the problem :
>
> haproxy.1wt.eu/git?p=haproxy.git;a=commitdiff;h=496aa0111ee22d0deb8ca0c30c85503011219f05
>
>
> Unfortunately without devoting a lot of time to understanding the code I
> have reached my limits of debugging. It seems acls like the above has
> broken as a result of the patch. The exact failure is that it simple does
> not count the http_error_rate at all - the gpc counter is not changed as
> loads of 404 errors are returned to a client for example.
>
> Note I have not gone back and double checked the exact patch that
> introduced the problem.. But at least this example config is enough to
> illustrate the problem in dev 11
Thank you for your bug report and for digging into this. I'll try to
reproduce (I hope today but not sure, I'm busy all the day), and will
keep you informed.
Best regards,
Willy
