Re: gpc0 got increased twice when used with WAIT_END

Thu, 16 Apr 2015 09:45:07 -0700 

Oops, forgot to provide the version. it’s `HA-Proxy version 1.5.11 2015/01/31`

> On Apr 17, 2015, at 00:41, Ruoshan Huang <ruoshan.hu...@gmail.com> wrote:
> 
> hi,
>      I have this demo configuration below. I try to reject the request when 
> http_req_rate is too high,
> and re-accept the request from the client after it’s rejected twice. But this 
> configuration doesn’t work that way out,
> it just re-accept the request after client was reject once. and I find out 
> the gpc0 was increased twice when
> the WAIT_END was evaluated. Is this behavior normal? Please help me 
> understand it.
> 
>     This is my configs:
> 
> ```
> global
>     stats socket ipv4@127.0.0.1 <mailto:ipv4@127.0.0.1>:7777 level admin mode 
> 666
>     stats timeout 8m
>     chroot      /usr/share/haproxy
>     pidfile     /run/haproxy.pid
>     user        haproxy
> 
> 
> defaults
>     mode                    http
>     option                  forwardfor
>     option                  redispatch
>     retries                 3
>     timeout http-request    10s
>     timeout queue           1m
>     timeout connect         10s
>     timeout client          1m
>     timeout server          1m
>     timeout http-keep-alive 10s
>     timeout check           10s
>     maxconn                 3000
> 
> 
> frontend stats
>     bind *:7070
>     stats uri /
> 
> 
> frontend  main
>     bind *:7000
>     stick-table type ip size 100m expire 30m store 
> http_req_rate(10s),conn_cur,gpc0
>     tcp-request inspect-delay 30s  #make it long enough to debug
>     tcp-request content track-sc1 src
> 
>     # rate limiting
>     # # criterions
>     acl inc_gpc sc1_inc_gpc0() gt 0
>     acl clr_gpc sc1_clr_gpc0() ge 0
>     acl is_sensitive_url path /
>     acl is_abused sc1_http_req_rate gt 1
>     acl is_conn_normal sc1_conn_cur() lt 3
>     acl already_abused sc1_get_gpc0() gt 0
>     acl clr_abused sc1_get_gpc0() gt 2
>     # # actions
>     tcp-request content accept if is_conn_normal clr_abused clr_gpc   #set 
> the gpc0 to 0 after it has been rejected twice
>     tcp-request content reject if is_sensitive_url already_abused inc_gpc 
> WAIT_END              ###HERE is the problem line I have
>     http-request add-header X-Req-Rate %[sc1_http_req_rate()]/10sec if 
> is_sensitive_url is_abused inc_gpc
> 
>     default_backend ngx
> 
> 
> backend ngx
>     server ngx01 127.0.0.1:8080 maxconn 3
> ```
> 
> --
> Good day!
> ruoshan
> 

--
Good day!
ruoshan

Reply via email to