Hi,

you should post your whole config and show some logs exhibiting the requests,
because in the blog's example there are a number of conditions to track the
request (eg: the request must be a POST to /wp-login.php, etc...). It is
very likely that something in your test is different.

I have now tried the dev19 and haproxy-ss-20130814.

I have cut down the config just to include the backend parts to demonstrate the issue:

global
    log         127.0.0.1 local2
    chroot      /var/lib/haproxy
    pidfile     /var/run/haproxy.pid
    stats socket /var/run/haproxy.stat mode 600 level operator
    maxconn     4000
    user        haproxy
    group       haproxy
    daemon

    stats socket /var/lib/haproxy/stats

defaults
    mode                    http
    log                     global
    option                  httplog
    option                  dontlognull
    option forwardfor       except 127.0.0.0/8
    option                  redispatch
    option httpclose
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000

frontend http-in
    bind *:80
    default_backend web29

backend web29
    stick-table type ip size 50k expire 120m store http_req_rate(120s)
    tcp-request content track-sc2  src if METH_POST
    stick store-request src            if METH_POST
    acl bruteforce_detection  sc2_http_req_rate gt 5
    acl foo sc1_inc_gpc0 gt 0
    http-request deny if foo bruteforce_detection
    server web29 94.199.58.249:80 check


Looking at the tables via haproxy.stat socket:
[root@web29haproxy haproxy]# socat readline /var/run/haproxy.stat
prompt
> set timeout cli 300s
> show table web29
# table: web29, type: ip, size:51200, used:0

> show table web29
# table: web29, type: ip, size:51200, used:1
0x7e33b0: key=x.x.x.x use=0 exp=7197866 server_id=1 http_req_rate(120000)=14
>

You can see that the http_req_rate(120s) is over 5. If I remove that acl foo and "foo" from the http-request deny line then it works, but I need that sc1_get_gpc0 for the frontend.

And log from the test:
2013-08-31T16:44:23+03:00 localhost haproxy[32351]: Proxy http-in started.
2013-08-31T16:44:23+03:00 localhost haproxy[32351]: Proxy web29 started.
2013-08-31T16:45:03+03:00 localhost haproxy[32352]: x.x.x.x:59089 [31/Aug/2013:16:45:03.407] http-in web29/web29 0/0/0/82/87 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:04+03:00 localhost haproxy[32352]: x.x.x.x:59091 [31/Aug/2013:16:45:04.160] http-in web29/web29 0/0/1/75/77 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:04+03:00 localhost haproxy[32352]: x.x.x.x:59093 [31/Aug/2013:16:45:04.725] http-in web29/web29 0/0/0/79/80 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:05+03:00 localhost haproxy[32352]: x.x.x.x:59094 [31/Aug/2013:16:45:05.379] http-in web29/web29 10/0/1/40/52 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:06+03:00 localhost haproxy[32352]: x.x.x.x:59095 [31/Aug/2013:16:45:05.979] http-in web29/web29 9/0/0/41/50 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:06+03:00 localhost haproxy[32352]: x.x.x.x:59096 [31/Aug/2013:16:45:06.582] http-in web29/web29 11/0/0/80/91 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:07+03:00 localhost haproxy[32352]: x.x.x.x:59097 [31/Aug/2013:16:45:07.135] http-in web29/web29 4/0/0/82/87 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:07+03:00 localhost haproxy[32352]: x.x.x.x:59098 [31/Aug/2013:16:45:07.768] http-in web29/web29 35/0/0/79/115 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:08+03:00 localhost haproxy[32352]: x.x.x.x:59099 [31/Aug/2013:16:45:08.243] http-in web29/web29 0/0/0/39/40 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:08+03:00 localhost haproxy[32352]: x.x.x.x:59100 [31/Aug/2013:16:45:08.801] http-in web29/web29 16/0/0/39/55 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:09+03:00 localhost haproxy[32352]: x.x.x.x:59101 [31/Aug/2013:16:45:09.397] http-in web29/web29 7/0/0/39/46 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:09+03:00 localhost haproxy[32352]: x.x.x.x:59102 [31/Aug/2013:16:45:09.949] http-in web29/web29 5/0/0/38/43 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:10+03:00 localhost haproxy[32352]: x.x.x.x:59103 [31/Aug/2013:16:45:10.468] http-in web29/web29 3/0/0/40/43 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"
2013-08-31T16:45:11+03:00 localhost haproxy[32352]: x.x.x.x:59104 [31/Aug/2013:16:45:11.012] http-in web29/web29 7/0/0/78/86 200 238 - - ---- 0/0/0/0/0 0/0 "POST /wp-login.php HTTP/1.1"

Thanks in advance,
Toni Mattila
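
Added example (not part of the original message, and not the blog's or the HAProxy project's config): a frontend/backend pair showing how the sc1 flag and the sc2 rate counter each need their own tracking rule and a table that stores the counter being fetched. The proxy names, the server address (documentation range) and the table sizes are assumptions, as is the frontend tracking, which the message above does not show.

```haproxy
# Constructed illustration; ft_web, bk_web and 192.0.2.10 are placeholders.

frontend ft_web
    bind *:80
    # sc1 tracks the client address in this frontend's own table.
    # The table stores gpc0, the flag that the backend rule raises.
    stick-table type ip size 50k expire 120m store gpc0
    tcp-request connection track-sc1 src
    # Refuse new connections from sources that are already flagged.
    tcp-request connection reject if { sc1_get_gpc0 gt 0 }
    default_backend bk_web

backend bk_web
    # sc2 tracks POST requests in the backend table, which holds the rate.
    stick-table type ip size 50k expire 120m store http_req_rate(120s)
    tcp-request content track-sc2 src if METH_POST
    acl bruteforce_detection sc2_http_req_rate gt 5
    # sc1_inc_gpc0 increments gpc0 on the entry currently tracked by sc1.
    # With no track-sc1 rule, or a table that does not store gpc0, there is
    # nothing to increment and this ACL never matches.
    acl flag_bruteforce sc1_inc_gpc0 gt 0
    # Conditions are evaluated left to right, so the rate test comes first
    # and the flag is only raised once the threshold has been exceeded.
    http-request deny if bruteforce_detection flag_bruteforce
    server web1 192.0.2.10:80 check
```

Running `show table ft_web` and `show table bk_web` on the stats socket after a test shows whether each counter is being populated: gpc0 in the first table, http_req_rate in the second.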

