Hi, i'm using stick-tables to track requests and block abusers if needed. Abusers should be blocked only for a short period of time and i want a stick-table entry to expire.
Therefore, i have to check if the client is already marked as an abuser and do not track this client. example config: frontend fe_http_in bind 127.0.0.1:8001 stick-table type ip size 100k expire 600s store gpc0 # Not working # acl is_overlimit sc0_get_gpc0(fe_http_in) gt 0 # Working # acl is_overlimit src_get_gpc0(fe_http_in) gt 0 tcp-request connection track-sc0 src if !is_overlimit default_backend be backend be ... incrementing gpc0 ( with "sc0_inc_gpc0") ... If i use "sc0_get_gpc0", the stick-table entry will never expire because the timer will be resetted (tcp-request connection track-sc0 ... seems to ignore this acl). With "src_get_gpc0" everything works as expected. Both ACL's are correct and triggered (verified with debug headers (http-response set-header ...)) What's the difference between these ACL's in conjunction with "tcp-request connection track-sc0 ..." ? Is this a bug or intended behaviour ? ----------- Bjoern
