Greetings,
On 10/21/2016 08:19 AM, Dennis Jacobfeuerborn wrote:
> Hi,
> I'm currently experimenting with rate limiting requests and while this sort-of works I see an issue where sometimes the stick-table that contains the rate-limiting variables isn't updated with every request, allowing multiple requests to succeed even if they shouldn't. I attached the configuration I'm using, which basically is supposed to limit the number of requests to 1 per five seconds, and if that limit is reached the request is diverted to a separate backend that sends a 429 status telling the client to back off. This works fine as long as the stick-table in the backend abuse-warning is updated properly, but when I use curl from the shell to get the path /site1/limittest I don't see an entry added in the abuse-warning stick-table.
From your configuration example I think you need to add "tcp-request inspect-delay 10s" to the frontend with the stick table. HAProxy should print a warning about random matching and suggest that on startup. It does indeed cause it to record some hits and not others without it, and is quite hard to debug if the warning is missed.
- Chad
> As long as that entry doesn't appear there I can issue requests without being limited. I noticed that the last line of the curl output says:
> * Connection #0 to host 192.168.0.100 left intact
> I'm wondering if this might have something to do with it. Maybe the stick-table is only updated when the connection closes? Is there a way to force the entry to be created immediately? I'm using haproxy 1.6.9 on a Fedora 24 system.
> Regards,
> Dennis

