Back from easter vacation :)
Baptiste wrote on 03/25/2015 10:30 AM:
Hi,
some useful examples can be taken from this blog post:
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
Just replace src by hdr(X-Forwarded-For).
Tried:
frontend nocache
mode http
..
option httplog
option accept-invalid-http-request
stick-table type ip size 100k expire 30s store conn_cur
tcp-request connection reject if { src_conn_cur ge 10 }
tcp-request connection track-sc1 hdr(X-Forwarded-For)
..
but haproxy complains:
'tcp-request connection track-sc1' : fetch method 'hdr(X-Forwarded-For)'
extracts information from 'HTTP request headers,HTTP response headers',
none of which is available here
I took the example from
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
:(
--
Regards,
Klavs Klavsen, GSEC - [email protected] - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
