Using sticky-tables and keys from backends

Mon, 04 Dec 2017 08:22:01 -0800 

Hello Guys,

I'm sorry to botter you ! I'm a beginner with HAProxy and I'm very excited
with all the capabilities, the documentation is very complete and rich but
exactly too rich to be understood quickly :-)

My question ...

I'm tracking http requests rates in a backend sticky-table (let's say
"api-b2b") based on header authorization value.

This tracking is working fine, I can see the sticky tables entries with
socat and the request rate for the specified user based on his
Authorization Header value as "key".

I would like to block (deny or tarpit) requests on the frontend side when,
for exemple, the rate is greater than 10, I can us the specified counter
from the table but I didn't find out how to check for the specified
Authorization Header value from the incoming requests...something like acl
too-much-requests-b2b sc0_http_req_rate(api-b2b) gt 10 (where I can set the
<key>, I mean hdr(Authorization), or how to do this...

Thank you really much for any help !

Best regards !

My config...

------------------------------------------------------------------------------------------------------------------------

frontend http
        bind *:80
        mode http
        stats uri /stats

        default_backend api-gateway

        # backend b2b
        acl is_b2b path_beg -i /b2b
        use_backend api-b2b if is_b2b

        # backend b2c
        acl is_b2c path_beg -i /b2c
        use_backend api-b2c if is_b2c

        # store req rate for further
purposes
        stick-table type ip size 1m expire 30s store http_req_rate(60s)
        tcp-request connection track-sc0 src

        # block requests if rate greater is than 10
        acl too-much-requests-b2b sc0_http_req_rate(api-b2b) gt 10
        acl too-much-requests-b2c sc0_http_req_rate(api-b2c) gt 30

        http-request deny if is_b2b too-much-requests-b2b
        http-request deny if is_b2c too-much-requests-b2c

backend api-gateway
        server api-gateway-g1 localhost:8080 check
        server api-gateway-g2 localhost:8081 check

backend api-b2b
        balance hdr(Authorization)
        server api-gateway-g1 localhost:8080 check
        server api-gateway-g2 localhost:8081 check
        stick-table type string size 1m store http_req_rate(10s)
        tcp-request content track-sc0 hdr(Authorization)

backend api-b2c
        balance hdr(Authorization)
        server api-gateway-g1 localhost:8080 check
        server api-gateway-g2 localhost:8081 check
        stick-table type string size 1m store http_req_rate(10s)
        tcp-request content track-sc0 hdr(Authorization)

Reply via email to