Hi Holger, On Wed, Jul 13, 2016 at 12:09:51PM +0200, Holger Just wrote: > Hi Willy, > > Willy Tarreau wrote: > >> At first I was thinking whether we could track the response status in stick > >> table, then it may be neat. but currently there isn't `http-response > >> track-sc?` directive. can it? > > > > Interesting. No it isn't, just because I think we never found a valid > > use case for it. It's possible that you found the first one in fact :-) > > Having this capability would also solve a long-standing itch for myself.
Ah good! > We have some authenticated services (via Basic Auth and other means) > which signal an authentication failure via a 403 status. More likely 401 instead. > We want to > throttle and finally block IPs which cause too many authentication > failures. Stick tables would be great for that as long as we could store > the response status to use it in subsequent requests. That's a good point. Normally we do that by checking the http_err counter, but it will count various types of errors which are not necessarily of interest in your case. > I think, right now, we could build a crutch with `http-response > sc-inc-gpc0` but having real http-response track-sc actions would make > thing much easier and cleaner. Yes I agree. Otherwise you can track sc0 on the request and inc-gpc0 during the response. But having something easier is definitely better. Regards, Willy
