Hi, Your stick table definition is missing some information. Use the one below: stick-table type string len 40 size 200k expire 3m store http_req_cnt
Maybe you should also turn on option http-server-close. Baptiste On Wed, Oct 23, 2013 at 7:49 PM, Przemysław Hejman <[email protected]> wrote: > Hi Baptiste, > > Thank you for your pieces of advice. I've tried to write such a config, > however, it does not seem to work - can you tell me what I'm missing or what > am I doing wrong? > > defaults > mode http > contimeout 5000 > clitimeout 50000 > srvtimeout 50000 > > > listen app 192.168.9.130:80 > mode http > tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst > } # Just a simple whitelist > #create a stick table, string type, store number of requests > stick-table type string len 40 size 200k expire 3m > #store url parameter called id > stick store-request urlp(SID,?) # stick on urlp(SID) > #track counter on url parameter id > tcp-request content track-sc0 urlp(SID,?) > #deny if the number of request for the tracked id is greater than X > tcp-request connection reject if { sc0_http_req_cnt gt 2 } > default_backend web_servers > > backend web_servers > balance roundrobin > server web01 192.168.9.128:80 check inter 1000 > server web02 192.168.9.129:80 check inter 1000 > > -- > > e-mail: [email protected] > > TouK sp. z o.o. s.k.a. > 02-389 Warszawa, al. Bohaterów Września 9 > http://touk.pl > > Wiadomość napisana przez Baptiste w dniu 18 paź 2013, o godz. 14:40: > > Hi Przemyslaw, > > You can do this: > create a stick table, string type, store number of requests > store url parameter called id > track counter on url parameter id > deny if the number of request for the tracked id is greater than X > > Baptiste > > > On Fri, Oct 18, 2013 at 11:02 AM, Przemysław Hejman <[email protected]> wrote: > > Hello everyone, > > > > Is there any possibility for HAProxy to perform a rate limit per repeating > > request? Consider following situation: > > Assume that you have requests like: > > > GET /file&id=123%someotherstuff > > GET /file&id=476%someotherstuff > > GET /file&id=111%someotherstuff > > GET /file&id=111%someotherstuff > > GET /file&id=111%someotherstuff > > GET /file&id=476%someotherstuff > > > What I want to do is to block the next request containing "id=111". Lets > > say that I want to allow only 3 exactly same requests matching [0-9]{3}. > > > Is there any possibility to configure a stick table to work like in this > > example? If no, do you know any other mechanisms to perform such an action? > > > Bes > > -- > > > e-mail: [email protected] > > > TouK sp. z o.o. s.k.a. > > 02-389 Warszawa, al. Bohaterów Września 9 > > http://touk.pl > > > >
