Hi Chad, Other than having a script clearing the table via socket on a timer I can't > think of an easy way to handle a sudden expiration.
I tried echo "clear counters all" | sudo socat unix:/etc/haproxy/status stdio and it does work however it has no effect on stick table! Is there any way to drop the table so I could create the script you mentioned above? Thanks a lot. On Fri, Aug 12, 2016 at 6:45 PM, Chad Lavoie <[email protected]> wrote: > Greetings, > > On 08/12/2016 11:01 AM, Artem Lalaiants wrote: > > Hello, > > I'm trying to limit traffic based on the amount of http requests load > balancer handles at the moment. The goal is to limit http requests > globally, same way it works with http_req_rate() but globally - not per IP. > For example, use another backend (with a custom error page) if it gets more > then 10 http requests for the last 10 seconds. After 10th second the > counter must be dropped and start counting again. > > > My example here uses the http_req_rate, so its a running average vs > counting up and then dropping once 10s is up. Other than having a script > clearing the table via socket on a timer I can't think of an easy way to > handle a sudden expiration. > > > Is there a way to do that with haproxy? > > > Add the following above the frontend in question (you could keep it in the > same frontend if there is just one of them, but I like the clarity of > having them outside (and it allows for more than one)): > > backend global-rate-limit > stick-table size 1 expire 10s type integer store http_req_rate(10s) > > In the frontend(s) in question: > tcp-request content track-sc0 int(0) table global-rate-limit > use_backend my_overlimit_backend if { sc_http_req_rate(0) gt 9 } > > In this case the 'int(0)' just makes it store 0 in the stick table so > everything is tracked in the same entry. Can also use fe_id() to make it > per frontend sharing the same table (make sure to increase the size if you > do that) and other similar things. > > Thanks, > - Chad > > > Any advice is highly appreciated! Thank you. > > -- > Artem Lalaiants > DevOps Lead > , GeoComply > skype: artem.kharkov > www.geocomply.com > > *CONFIDENTIALITY NOTICE: The information contained in this email message > is intended only for use of the intended recipient. If the reader of this > message is not the intended recipient, you are hereby notified that any > dissemination, distribution or copying of this communication is strictly > prohibited. If you have received this communication in error, please > immediately delete it from your system and notify the sender by replying to > this email.* > > > -- Artem Lalaiants Infrastructure Engineer, GeoComply skype: artem.kharkov www.geocomply.com -- *CONFIDENTIALITY NOTICE: The information contained in this email message is intended only for use of the intended recipient. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please immediately delete it from your system and notify the sender by replying to this email.*
