2015-07-13 18:07 GMT+02:00 bjun...@gmail.com <bjun...@gmail.com>: > Hi, > > i'm using stick-tables to track requests and block abusers if needed. > Abusers should be blocked only for a short period of time and i want a > stick-table entry to expire. > > Therefore, i have to check if the client is already marked as an > abuser and do not track this client. > > > example config: > > > frontend fe_http_in > > bind 127.0.0.1:8001 > > stick-table type ip size 100k expire 600s store gpc0 > > # Not working > # acl is_overlimit sc0_get_gpc0(fe_http_in) gt 0 > > # Working > # acl is_overlimit src_get_gpc0(fe_http_in) gt 0 > > tcp-request connection track-sc0 src if !is_overlimit > > default_backend be > > > backend be > > ... incrementing gpc0 ( with "sc0_inc_gpc0") ... > > > > If i use "sc0_get_gpc0", the stick-table entry will never expire > because the timer will be resetted (tcp-request connection track-sc0 > ... seems to ignore this acl). > > > With "src_get_gpc0" everything works as expected. > > > Both ACL's are correct and triggered (verified with debug headers > (http-response set-header ...)) > > > What's the difference between these ACL's in conjunction with > "tcp-request connection track-sc0 ..." ? > > Is this a bug or intended behaviour ? > > > ----------- > Bjoern
Has anyone observed the same behaviour or knowing if this is the correct behaviour? ----------- Bjoern