On 21.10.2016 18:01, Chad Lavoie wrote: > Greetings, > > > On 10/21/2016 08:19 AM, Dennis Jacobfeuerborn wrote: >> Hi, >> I'm currently experimenting with rate limiting request and while this >> sort-of works I see an issue where sometimes the stick-table that >> contains the rate-limiting variables isn't update with every request >> allowing multiple requests to succeed even if they shouldn't. >> >> I attached the configuration I'm using which basically is supposed to >> limit the number of requests to 1 per five seconds and if that limit is >> reached the request is diverted to a separate backend that sends a 429 >> status telling the client to back off. >> >> This works fine as long as the stick-table in the backend abuse-warning >> is updated properly but when I use curl from the shell to get the path >> /site1/limittest I don't see an entry added in the abuse-warning >> stick-table. > > From your configuration example I think you need to add "tcp-request > inspect-delay 10s" to the frontend with the stick table. > HAProxy should print a warning about random matching and suggest that on > startup. It does indeed cause it to record some hits and not others > without it, and is quite hard to debug if the warning is missed.
I added the directive and also tried reducing the time from 10s to 3s but the behavior is unchanged. Also there is no warning or error printed on startup or when I verify the configuration using the -c option. Regards, Dennis
