Hi,

I have this demo configuration below. I try to reject the request when
http_req_rate is too high, and re-accept the request from the client after
it's rejected twice. But this configuration doesn't work that way; it just
re-accepts the request after the client was rejected once, and I found out that
gpc0 was increased twice when the WAIT_END was evaluated. Is this behavior
normal? Please help me understand it.

This is my config:

```
global
    stats socket [email protected]:7777 level admin mode 666
    stats timeout 8m
    chroot      /usr/share/haproxy
    pidfile     /run/haproxy.pid
    user        haproxy


defaults
    mode                    http
    option                  forwardfor
    option                  redispatch
    retries                 3
    timeout http-request    10s
    timeout queue           1m
    timeout connect         10s
    timeout client          1m
    timeout server          1m
    timeout http-keep-alive 10s
    timeout check           10s
    maxconn                 3000


frontend stats
    bind *:7070
    stats uri /


frontend  main
    bind *:7000
    stick-table type ip size 100m expire 30m store http_req_rate(10s),conn_cur,gpc0
    tcp-request inspect-delay 30s  #make it long enough to debug
    tcp-request content track-sc1 src

    # rate limiting
    # # criterions
    acl inc_gpc sc1_inc_gpc0() gt 0
    acl clr_gpc sc1_clr_gpc0() ge 0
    acl is_sensitive_url path /
    acl is_abused sc1_http_req_rate gt 1
    acl is_conn_normal sc1_conn_cur() lt 3
    acl already_abused sc1_get_gpc0() gt 0
    acl clr_abused sc1_get_gpc0() gt 2
    # # actions
    # set the gpc0 to 0 after it has been rejected twice
    tcp-request content accept if is_conn_normal clr_abused clr_gpc
    ### HERE is the problem line I have
    tcp-request content reject if is_sensitive_url already_abused inc_gpc WAIT_END
    http-request add-header X-Req-Rate %[sc1_http_req_rate()]/10sec if is_sensitive_url is_abused inc_gpc

    default_backend ngx


backend ngx
    server ngx01 127.0.0.1:8080 maxconn 3
```

--
Good day!
ruoshan
