Oops, forgot to provide the version. it’s `HA-Proxy version 1.5.11 2015/01/31`
> On Apr 17, 2015, at 00:41, Ruoshan Huang <ruoshan.hu...@gmail.com> wrote: > > hi, > I have this demo configuration below. I try to reject the request when > http_req_rate is too high, > and re-accept the request from the client after it’s rejected twice. But this > configuration doesn’t work that way out, > it just re-accept the request after client was reject once. and I find out > the gpc0 was increased twice when > the WAIT_END was evaluated. Is this behavior normal? Please help me > understand it. > > This is my configs: > > ``` > global > stats socket ipv4@127.0.0.1 <mailto:ipv4@127.0.0.1>:7777 level admin mode > 666 > stats timeout 8m > chroot /usr/share/haproxy > pidfile /run/haproxy.pid > user haproxy > > > defaults > mode http > option forwardfor > option redispatch > retries 3 > timeout http-request 10s > timeout queue 1m > timeout connect 10s > timeout client 1m > timeout server 1m > timeout http-keep-alive 10s > timeout check 10s > maxconn 3000 > > > frontend stats > bind *:7070 > stats uri / > > > frontend main > bind *:7000 > stick-table type ip size 100m expire 30m store > http_req_rate(10s),conn_cur,gpc0 > tcp-request inspect-delay 30s #make it long enough to debug > tcp-request content track-sc1 src > > # rate limiting > # # criterions > acl inc_gpc sc1_inc_gpc0() gt 0 > acl clr_gpc sc1_clr_gpc0() ge 0 > acl is_sensitive_url path / > acl is_abused sc1_http_req_rate gt 1 > acl is_conn_normal sc1_conn_cur() lt 3 > acl already_abused sc1_get_gpc0() gt 0 > acl clr_abused sc1_get_gpc0() gt 2 > # # actions > tcp-request content accept if is_conn_normal clr_abused clr_gpc #set > the gpc0 to 0 after it has been rejected twice > tcp-request content reject if is_sensitive_url already_abused inc_gpc > WAIT_END ###HERE is the problem line I have > http-request add-header X-Req-Rate %[sc1_http_req_rate()]/10sec if > is_sensitive_url is_abused inc_gpc > > default_backend ngx > > > backend ngx > server ngx01 127.0.0.1:8080 maxconn 3 > ``` > > -- > Good day! > ruoshan > -- Good day! ruoshan