Hi Toni,
On Sat, Aug 31, 2013 at 04:51:45PM +0300, Toni Mattila wrote:
> frontend http-in
>     bind *:80
>     default_backend web29
>
> backend web29
>     stick-table type ip size 50k expire 120m store http_req_rate(120s)
>     tcp-request content track-sc2 src if METH_POST
>     stick store-request src if METH_POST
>     acl bruteforce_detection sc2_http_req_rate gt 5
>     acl foo sc1_inc_gpc0 gt 0
>     http-request deny if foo bruteforce_detection
>     server web29 94.199.58.249:80 check
There is something wrong here, sc1 is never tracked. So I suspect
the ACL will return a "no-match", causing the second one never
to be evaluated.
What I think you need in your case is to only track the source
address, so you can (and should) use the same tracker in both
cases, and also you should have your table store gpc0 as well:
backend web29
    stick-table type ip size 50k expire 120m store gpc0,http_req_rate(120s)
    tcp-request content track-sc2 src if METH_POST
    stick store-request src if METH_POST
    acl bruteforce_detection sc2_http_req_rate gt 5
    acl foo sc2_inc_gpc0 gt 0
    http-request deny if foo bruteforce_detection
    server web29 94.199.58.249:80 check
I think that with the fix above it will work. BTW, you don't need
the "stick store-request" statement, but I suspect you used it to
debug the issue.
Regards,
Willy
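A toy Python model of the behaviour discussed in this thread, added here as an illustration and not taken from HAProxy or from either message: it mimics a stick table keyed by source address with gpc0 and a request-rate counter, models a tracker slot that is only filled by `track-sc2 ... if METH_POST`, and treats a fetch on an untracked slot as a failed sample (no-match) that short-circuits the ANDed ACL condition. The rate counter is a plain fixed 120-second window rather than HAProxy's sliding estimator, the `sc_*` functions are simplified stand-ins for the real sample fetches, and the source addresses and timings are constructed. Running it with the original slot assignment (gpc0 read from sc1) never denies anything; with both ACLs on sc2 the sixth POST inside the window is denied.

```python
"""Toy model of HAProxy stick-table tracking (added example, not HAProxy
code): fixed-window rate counter, simplified sample fetches, constructed
traffic using RFC 5737 documentation addresses."""

from collections import defaultdict

RATE_WINDOW = 120   # seconds, as in http_req_rate(120s)
RATE_LIMIT = 5      # as in "sc2_http_req_rate gt 5"

# Which tracker slot each directive refers to. In the original config the
# gpc0 ACL names sc1, a slot that no track-sc1 statement ever fills.
TONI_CONFIG = {"track": "sc2", "gpc0": "sc1", "rate": "sc2"}
FIXED_CONFIG = {"track": "sc2", "gpc0": "sc2", "rate": "sc2"}


class StickTable:
    """stick-table type ip ... store gpc0,http_req_rate(120s), simplified."""

    def __init__(self):
        self.entries = defaultdict(lambda: {"gpc0": 0, "hits": []})

    def track(self, src, now):
        """tcp-request content track-scN src: fetch the entry for this
        source and count the current request toward its request rate."""
        entry = self.entries[src]
        entry["hits"] = [t for t in entry["hits"] if now - t < RATE_WINDOW]
        entry["hits"].append(now)
        return entry


def sc_http_req_rate(tracked, slot):
    """scN_http_req_rate: None (fetch fails -> no-match) if slot untracked."""
    entry = tracked.get(slot)
    return None if entry is None else len(entry["hits"])


def sc_inc_gpc0(tracked, slot):
    """scN_inc_gpc0: increment gpc0 and return the new value, or None."""
    entry = tracked.get(slot)
    if entry is None:
        return None
    entry["gpc0"] += 1
    return entry["gpc0"]


def deny_decision(table, config, src, method, now):
    """Evaluate 'http-request deny if foo bruteforce_detection' for one
    request; returns True when the request would be denied."""
    tracked = {}                              # slot -> table entry
    if method == "POST":                      # ... if METH_POST
        tracked[config["track"]] = table.track(src, now)
    # ACL terms are ANDed left to right. A failed fetch (None) is a
    # no-match and stops evaluation, so the rate ACL is never consulted.
    foo = sc_inc_gpc0(tracked, config["gpc0"])
    if foo is None or not foo > 0:
        return False
    rate = sc_http_req_rate(tracked, config["rate"])
    return rate is not None and rate > RATE_LIMIT


def run(config, requests):
    """Return the deny decision for each (src, method, time) request."""
    table = StickTable()
    return [deny_decision(table, config, src, m, t) for src, m, t in requests]


# Constructed traffic: one client sends eight POSTs ten seconds apart,
# a second client sends a single GET in between.
SAMPLE_REQUESTS = [("198.51.100.7", "POST", 10 * i) for i in range(8)]
SAMPLE_REQUESTS.insert(3, ("203.0.113.9", "GET", 25))


if __name__ == "__main__":
    for name, cfg in (("original", TONI_CONFIG), ("fixed", FIXED_CONFIG)):
        print(name, run(cfg, SAMPLE_REQUESTS))
```

The model also shows why the GET from the second client is never denied under either configuration: nothing tracks it, so the first fetch fails and the rule is skipped without touching the table.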