Hi,

some useful examples can be taken from this blog post:
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/

Just replace src by hdr(X-Forwarded-For).

Baptiste



On Tue, Mar 24, 2015 at 5:58 PM, Jarno Huuskonen <jarno.huusko...@uef.fi> wrote:
> Hi,
>
> On Tue, Mar 24, Klavs Klavsen wrote:
>> I now have:
>>   stick-table  type string size 100k store conn_cur,gpc0
>>   stick store-request  hdr(X-Forwarded-For,-1)
>>   tcp-request content  track-sc2 hdr(X-Forwarded-For)
>>   acl allowed  sc2_conn_cur lt 2
>>   block unless allowed
>
> tcp-request inspect-delay ?
> Most of the examples seem to use inspect-delay:
> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-tcp-request%20content
>
>> shouldn't the key - be the x-forwarded-for header?
>
> Have you checked that the requests have (one) x-forwarded-for header ?
> hdr(X-Forwarded-For) = first header, and hdr(X-Forwarded-For,-1) = last 
> header.
> (http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hdr)
>
> And is the haproxy ip the only one that's in the stick table ?
>
> -Jarno
>
> --
> Jarno Huuskonen
>
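The occurrence selection discussed in the thread (`hdr(X-Forwarded-For,1)` versus `hdr(X-Forwarded-For,-1)`) decides which string becomes the stick-table key. The following is an added example, not part of the original messages and not HAProxy code: a small Python model of explicit occurrence selection plus a `conn_cur` counter. The function names, the comma-splitting of header values, and the sample requests are assumptions constructed for illustration.

```python
# Added illustration: model of header occurrence selection and conn_cur tracking.
# Not HAProxy source; names and sample requests are constructed.

def xff_values(headers):
    """Flatten every X-Forwarded-For header line into one ordered list of values."""
    values = []
    for name, value in headers:
        if name.lower() == "x-forwarded-for":
            values.extend(v.strip() for v in value.split(",") if v.strip())
    return values

def occurrence(headers, occ):
    """occ=1 is the first value, occ=-1 the last; None when absent or out of range."""
    values = xff_values(headers)
    if occ == 0 or abs(occ) > len(values):
        return None
    return values[occ - 1] if occ > 0 else values[occ]

class StickTable:
    """Tracks concurrent connections (conn_cur) per string key."""
    def __init__(self):
        self.conn_cur = {}

    def open(self, key):
        self.conn_cur[key] = self.conn_cur.get(key, 0) + 1
        return self.conn_cur[key]

def simulate(requests, occ, limit=2):
    """Decide each request under 'allowed = conn_cur lt limit', keyed on occurrence occ."""
    table, decisions = StickTable(), []
    for headers in requests:
        key = occurrence(headers, occ)
        if key is None:  # no header value to track: no table entry, no limit applied
            decisions.append("untracked")
            continue
        decisions.append("allow" if table.open(key) < limit else "block")
    return decisions, table.conn_cur

# Constructed sample: three simultaneous requests arriving through one front proxy
# that appends the address it saw (203.0.113.7, a documentation-range address).
REQUESTS = [
    [("X-Forwarded-For", "198.51.100.1"), ("X-Forwarded-For", "203.0.113.7")],
    [("X-Forwarded-For", "198.51.100.2, 203.0.113.7")],
    [("X-Forwarded-For", "203.0.113.7")],
]
```

Keyed on the last occurrence, all three requests share one table entry and the limit applies; keyed on the first, each request lands in its own entry and none is blocked.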
