I am upgrading my environment from haproxy 1.3/1.4 to haproxy 1.5 but as of yet am not using any of the newer features.
I'm intrigued with using the stick table facilities in haproxy 1.5 to help mitigate the impact of malicious users, and that seems to be a common goal - however, I haven't seen any discussion about large groups of users behind NATs and firewalls (businesses, universities, mobile, etc.). Has anyone found a happy medium between these two concerns, aside from whitelisting and the blocks aging out over time?

One thought I had, in a virtual hosting environment, was to use a stick table to track the number of requests by Host header, and direct requests to a different backend (with dedicated resources) once requests for a particular vhost cross a threshold - and rejoin the common pool once the traffic dies down. Has anyone been successful with a similar setup?
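
A sketch of the per-vhost idea described in the post, as an added example that is not part of the original post and not a tested production configuration. It assumes haproxy 1.5 syntax; the proxy names, addresses, the 10-second window and the threshold of 500 are all constructed for illustration.

```haproxy
# Added sketch, not from the original post. Names, addresses and
# thresholds are constructed for illustration.
frontend fe_http
    mode http
    bind :80

    # Wait for a complete request so the Host header can be read.
    tcp-request inspect-delay 5s
    # Key the counter on the lowercased Host header instead of the
    # client address, so users sharing one NAT address are not
    # penalised as a single source.
    tcp-request content track-sc0 req.hdr(host),lower table per_vhost if HTTP

    # While a vhost's request rate is above the threshold, send it to
    # the dedicated pool. The rate decays over the 10s window, so the
    # vhost rejoins the common pool once traffic dies down.
    acl vhost_hot sc0_http_req_rate(per_vhost) gt 500
    use_backend be_isolated if vhost_hot
    default_backend be_common

# Dummy backend that only holds the stick table. The Host header is
# client-controlled, so "size" and "len" bound how much memory
# arbitrary Host values can consume.
backend per_vhost
    stick-table type string len 64 size 10k expire 10m store http_req_rate(10s)

backend be_common
    mode http
    server web1 192.0.2.11:80 check
    server web2 192.0.2.12:80 check

backend be_isolated
    mode http
    server iso1 192.0.2.21:80 check
```

A Host value that includes a port (for example `example.com:80`) is counted as a separate key from the bare hostname unless it is normalised first.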

