Greetings,
On 08/12/2016 11:01 AM, Artem Lalaiants wrote:
Hello,
I'm trying to limit traffic based on the amount of http requests load
balancer handles at the moment. The goal is to limit http requests
globally, same way it works with http_req_rate() but globally - not
per IP. For example, use another backend (with a custom error page) if
it gets more then 10 http requests for the last 10 seconds. After 10th
second the counter must be dropped and start counting again.
My example here uses the http_req_rate, so its a running average vs
counting up and then dropping once 10s is up. Other than having a
script clearing the table via socket on a timer I can't think of an easy
way to handle a sudden expiration.
Is there a way to do that with haproxy?
Add the following above the frontend in question (you could keep it in
the same frontend if there is just one of them, but I like the clarity
of having them outside (and it allows for more than one)):
backend global-rate-limit
stick-table size 1 expire 10s type integer store http_req_rate(10s)
In the frontend(s) in question:
tcp-request content track-sc0 int(0) table global-rate-limit
use_backend my_overlimit_backend if { sc_http_req_rate(0) gt 9 }
In this case the 'int(0)' just makes it store 0 in the stick table so
everything is tracked in the same entry. Can also use fe_id() to make
it per frontend sharing the same table (make sure to increase the size
if you do that) and other similar things.
Thanks,
- Chad
Any advice is highly appreciated! Thank you.
--
Artem Lalaiants
​DevOps Lead
, GeoComply
skype: artem.kharkov
www.geocomply.com <http://www.geocomply.com/>
/CONFIDENTIALITY NOTICE: The information contained in this email
message is intended only for use of the intended recipient. If the
reader of this message is not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this
communication is strictly prohibited. If you have received this
communication in error, please immediately delete it from your system
and notify the sender by replying to this email./
