Hello Chris and I followed this example but found that it limits by url but for all users. that might be what you want in a slashdotting but its not what we want for individual users falling asleep with nose on f5(reload) key
we looked at base32+src rather than url but that excludes the url parameters I've started a separate thread with a new url32+src function. Neil On 1 November 2013 18:39, Cyril Bonté <cyril.bo...@free.fr> wrote: > Hi Przemyslaw, > > Le 31/10/2013 12:05, Przemysław Hejman a écrit :> Hello guys, it's me one > again. > > > > > I just wanted to share my experiences after several very simple > > acceptance tests. First of all, I've found that the whitelist did not > > work - I had to change my configuration to something like this: > > > > global > > stats socket /tmp/haproxy.sock > > defaults > > mode http > > timeout connect 5000ms > > timeout client 50000ms > > timeout server 50000ms > > frontend app > > bind *:8080 > > option http-server-close > > stick-table type integer size 200k expire 30m store > http_req_cnt > > acl white_list src 127.0.0.1 192.168.1.205 192.168.0.133 > > tcp-request content accept if white_list > > tcp-request content track-sc0 urlp(SID,?) > > tcp-request content reject if { sc0_http_req_cnt gt 2 } > > tcp-request inspect-delay 10s > > default_backend web_servers > > backend web_servers > > balance roundrobin > > server web01 127.0.0.1:80 check inter 1000 > > > > Therefore, I've decided to do a little test. I've put request sent by > > curl in a for loop like this > > for i in `seq 1 400`; do curl > > "192.168.0.132:8080/index.html?SID=33?asdf"; done > > > > Eveything to seem fine HOWEVER I have noticed that several (about 20) > > requests randomly PASSED. > > Sorry, I didn't have time to reply to the configuration you provided last > time. But it is normal if it didn't work 100% of the times : this is > because your forgot to add a line that waits for a layer7 information, as > Willy said. > > The important thing was to add : > tcp-request content reject if !HTTP > > > > > Pushing the stick-table and tracking/rejecting operations back to > > backend definition solved my problem. > > Indeed, this is another way to wait for HTTP data to be complete, as a > HTTP frontend will use the backend only once the headers are received. > > Thanks for sharing. > > -- > Cyril Bonté > >