Hi Michal,
On Mon, May 26, 2014 at 05:00:31PM +0200, Lazy wrote:
> Is it normal that http table exp counter gets updated even if src
> address is whitelisted sc1_get_gpc0(backend) > 0 ?
(...)
I'm seeing a few things that confuse me in your config :
    tcp-request content track-sc1 src if !whitelist
    acl whitelist sc1_get_gpc0(backend) gt 0
So basically you enable tracking on sc1 if sc1_get_gpc0() == 0.
But sc1_get_gpc0() does not exist yet (since sc1 is not yet tracked)
thus the ACL will always return "not found" and the track-sc1 rule
will not be applied.
That could explain your observation, because below then whitelist
will not match and the "or" will be evaluated :
    acl flag_ok sc1_inc_gpc0(backend) ge 0
    acl rm_black src_clr_gpc0(http) ge 0
    acl whitelist sc1_get_gpc0(backend) gt 0
    acl cauth_ok cookie_auth
    http-request allow if whitelist or cauth_ok flag_ok rm_black
> Is it possible to force expire an entry using an acl ?
No, but you have sc*_clr_* which might possibly do what you need.
> Is it possible to define multiple stick tables storing gpc0 in a
> single frontend,
No, you need at least one proxy (frontend or backend) per stick-table,
there's a 1:1 relation. However, I'd suggest that you create backends
for this, because a frontend requires at least a "bind" line while a
backend does not require anything, and is perfectly fine with only a
stick-table. So simply create 3 backends if you want 3 values stored
in parallel for the same key.
> now it's using one from the frontend and one from the backend but how
> to define sc2 without adding another backend ?
A backend is free, don't bother with this. Simply create it this way
for instance :
    backend table-1
        stick-table type ip size 1m expire 10m store gpc0
And that's all.
Hoping this helps,
Willy
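
Added example, not part of the original message or of the poster's configuration: one way to make the whitelist test independent of tracking is to look the source address up with src_get_gpc0(<table>) instead of sc1_get_gpc0(), using table-only backends as described above. The proxy names, port, cookie name and server address are assumptions.

```haproxy
# Constructed example; every name, port and address here is hypothetical.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Table-only backends: one stick-table per proxy, nothing else needed.
backend table-whitelist
    stick-table type ip size 1m expire 10m store gpc0

backend table-http
    stick-table type ip size 1m expire 10m store http_req_rate(10s)

frontend fe_web
    bind :8080

    # src_get_gpc0(<table>) looks the source address up directly in the
    # named table, so it does not depend on a track-sc rule having
    # already run for this connection.
    acl whitelist src_get_gpc0(table-whitelist) gt 0

    # Only sources that are not whitelisted are tracked in table-http.
    tcp-request content track-sc1 src table table-http if !whitelist

    # A request carrying the (hypothetical) "auth" cookie flags its
    # source in the whitelist table. src_inc_gpc0 creates the entry if
    # it does not exist yet, so "ge 0" is always true once evaluated.
    acl cauth_ok req.cook(auth) -m found
    acl flag_ok  src_inc_gpc0(table-whitelist) ge 0
    http-request allow if whitelist or cauth_ok flag_ok

    default_backend bk_app

backend bk_app
    server app1 127.0.0.1:8000
```

Running `haproxy -c -f <file>` checks the syntax, and `show table table-http` on the stats socket shows which sources ended up tracked.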