Thanks Much Andrew, I will definitely explore on this. Thanks again.
On Jun 28, 2017 22:03, "Andrew Smalley" <asmal...@loadbalancer.org> wrote: > Hi Vel > > Form what you describe the example using the tarpit feature may help you > taken from here https://blog.codecentric.de/en/2014/12/haproxy-http- > header-rate-limiting/ > > frontend fe_api_ssl > bind 192.168.0.1:443 ssl crt /etc/haproxy/ssl/api.pem no-sslv3 ciphers ... > default_backend be_api > > tcp-request inspect-delay 5s > > acl document_request path_beg -i /v2/documents > acl is_upload hdr_beg(Content-Type) -i multipart/form-data > acl too_many_uploads_by_user sc0_gpc0_rate() gt 100 > acl mark_seen sc0_inc_gpc0 gt 0 > > stick-table type string size 100k store gpc0_rate(60s) > > tcp-request content track-sc0 hdr(Authorization) if METH_POST > document_request is_upload > > use_backend 429_slow_down if mark_seen too_many_uploads_by_user > > backend be_429_slow_down > timeout tarpit 2s > errorfile 500 /etc/haproxy/errorfiles/429.http > http-request tarpit > > > > Andrew Smalley > > Loadbalancer.org Ltd. > www.loadbalancer.org <https://www.loadbalancer.org/?gclid=ES2017> > > <https://plus.google.com/+LoadbalancerOrg> > <https://twitter.com/loadbalancerorg> > <http://www.linkedin.com/company/3191352?trk=prof-exp-company-name> > <https://www.loadbalancer.org/?category=company&post-name=overview&?gclid=ES2017> > <https://www.loadbalancer.org/?gclid=ES2017> > +1 888 867 9504 <(888)%20867-9504> / +44 (0)330 380 1064 > <+44%20330%20380%201064> > asmal...@loadbalancer.org > > Leave a Review > <http://collector.reviews.io/loadbalancer-org-inc-/new-review> | Deployment > Guides > <https://www.loadbalancer.org/?category=resources&post-name=deployment-guides&?gclid=ES2017> > | Blog <https://www.loadbalancer.org/?category=blog&?gclid=ES2017> > > On 28 June 2017 at 10:01, Velmurugan Dhakshnamoorthy <dvel....@gmail.com> > wrote: > >> Hi Lukas, >> Thanks for your response in length. As I mentioned earlier, I was not >> aware that the people from discourse forum and this email d-list group are >> same. I am 100% new to HAProxy. >> >> Let me explain my current situation in-detail in this email thread, >> Kindly check if you or other people from the group can guide me. >> >> Our requirement to use HAProxy is NOT to load balance back-end (Weblogic >> 12c) servers, we have a singe backend instance (ex: PIA1), our server >> capacity is not high to handle the heavy traffic during peak load, the peak >> load occurs only 2 times in a year, that's a reason we are not scaling up >> our server resources as they will be idle majority of the time. >> >> we would like to use HAProxy to throttle http/tcp connections during the >> peak load, so that weblogic backed will not go to Out-Of-Memory >> state/PeopleSoft will not crash. >> >> To achieve http throttling,when setting maxconn to back end , HAProxy >> queue up further connections and releases once the active http connections >> become idle,however how weblogic works is, once the PeopleSoft URL is >> accessed and user is authenticated , cookie will be inserted to browser and >> cookie will be active by default 20 minutes, which mean even if user does >> not navigate and do anything inside the application, cookie session state >> will be retained in weblogic java heap. weblogic allocates small amount of >> memory in order to retain each active sessions (though memory allocation >> increase/decrease dynamically based on various business functionality i). >> as per current capacity , weblogic can retain only 100 session state , >> which means, I don't want to forward any further connections to weblogic >> until some of the sessions from 100 are released (by default the session >> will be released when user clicks explicitly on signout button or >> inactivity timeout reaches 20 minutes). >> >> according to my understanding, maxconn in back-end throttles connections >> and releases to back-end as and when tcp connection status changed to idle, >> but though connections are idle, logout/signout not occurred from >> PeopleSoft, so that still session state are maintained in weblogic and not >> released and cannot handle further connections. >> >> that's reason, I am setting the maxconn in front end and keeping HTTP >> alive option ON, so that I can throttle connections at front end itself. >> According to my POC, setting maxconn in front-end behaves differently than >> setting in back-end, when it is on front-end, it hold further connections >> in kernel , once the existing http connections are closed, it allows >> further connections inside, in this I dont see any performance issue for >> existing connections. >> >> for your information HAProxy and Weblogic are residing in a same single >> VM. >> >> please let me know if my above understanding is correct about maxconn. Is >> there any understanding gap ? is there any way to achieve my requirement >> differently? >> >> when decided to use maxconn in front-end, the connection queuing for few >> milli seconds and seconds are OK, but when connections are queued in >> minutes, would like to emit some meaningful message to user, that's a >> reason asked if there is any way to display custom message when connections >> are queued in Linux kernel. >> >> to answer Luaks question, weblogic does not logout user when tcp >> connection is closed. weblogic creates new connections as and when required. >> >> >> >> Best Wishes, >> Vel >> >> On Wed, Jun 28, 2017 at 9:47 AM, Lukas Tribus <lu...@gmx.net> wrote: >> >>> Hello Andrew, >>> >>> >>> Am 28.06.2017 um 02:06 schrieb Andrew Smalley: >>> > Lukas >>> > >>> > Why is this triple posting? Surely he asked questions in a nice way in >>> more than one location and deserves the right answer and not a flame down >>> here. >>> > >>> > It is about helping people after all I hope! >>> >>> Questions have been answered in a lengthy thread some 10 days ago: >>> http://discourse.haproxy.org/t/regarding-maxconn-parameter-i >>> n-backend-for-connection-queueing/1320/9 >>> >>> No followup questions there. >>> >>> >>> Then a new thread today, no specific question that hasn't already >>> been answered in the previous thread, no followup responses (to my >>> request to clarify the question) either: >>> http://discourse.haproxy.org/t/custom-display-message-when-s >>> etting-maxconn-in-front-end-listen-block/1382/2 >>> >>> >>> Then he moves the discussion to the mailing list, not mentioning the >>> conversations on discourse (which would prevented people - in this >>> case Jarno - from trying to explain the same thing all over again). >>> >>> >>> Its about helping people out, but that doesn't work in the long term >>> when we have people deliberately spread questions about the same topic >>> across different channels (mailing list, discourse). >>> >>> >>> >>> Lukas Tribus: >>> > Is there anything that has been answered 3 times already, or >>> > do you just like to annoy other people? >>> >>> This should have been: >>> Is there anything that has *not* been answered 3 times already? >>> >>> >>> >>> Velmurugan Dhakshnamoorthy: >>> > Apologize, my intent is not to annoy anyone >>> > [...] >>> > I am not aware this email group and discourse forum are same. >>> >>> The point is: please keep the discussion of a single topic/question >>> in a single thread (on the mailing list or discourse), unless you >>> don't get any responses. >>> >>> If something is unclear, you ought to ask for clarification, not >>> rephrase the question and ask somewhere else. >>> >>> >>> Lukas >>> >>> >> >