Hi Przemyslaw,
Le 31/10/2013 12:05, Przemysław Hejman a écrit :> Hello guys, it's me
one again.
>
> I just wanted to share my experiences after several very simple
> acceptance tests. First of all, I've found that the whitelist did not
> work - I had to change my configuration to something like this:
>
> global
> stats socket /tmp/haproxy.sock
> defaults
> mode http
> timeout connect 5000ms
> timeout client 50000ms
> timeout server 50000ms
> frontend app
> bind *:8080
> option http-server-close
> stick-table type integer size 200k expire 30m store
http_req_cnt
> acl white_list src 127.0.0.1 192.168.1.205 192.168.0.133
> tcp-request content accept if white_list
> tcp-request content track-sc0 urlp(SID,?)
> tcp-request content reject if { sc0_http_req_cnt gt 2 }
> tcp-request inspect-delay 10s
> default_backend web_servers
> backend web_servers
> balance roundrobin
> server web01 127.0.0.1:80 check inter 1000
>
> Therefore, I've decided to do a little test. I've put request sent by
> curl in a for loop like this
> for i in `seq 1 400`; do curl
> "192.168.0.132:8080/index.html?SID=33?asdf"; done
>
> Eveything to seem fine HOWEVER I have noticed that several (about 20)
> requests randomly PASSED.
Sorry, I didn't have time to reply to the configuration you provided
last time. But it is normal if it didn't work 100% of the times : this
is because your forgot to add a line that waits for a layer7
information, as Willy said.
The important thing was to add :
tcp-request content reject if !HTTP
> Pushing the stick-table and tracking/rejecting operations back to
> backend definition solved my problem.
Indeed, this is another way to wait for HTTP data to be complete, as a
HTTP frontend will use the backend only once the headers are received.
Thanks for sharing.
--
Cyril Bonté
