rate-limit sessions not consistent between ssl and non ssl traffic

Jérôme Magnin Wed, 24 Jan 2018 05:39:02 -0800

Hi,

I've been toying with haproxy and rate limiting lately, and noticed an odd
behavior with rate-limit sessions, or maybe I misunderstood how it is supposed
to be used.


I'm using the following config:

global
    maxconn     20000
    log         127.0.0.1 local0
    user        haproxy
    chroot      /usr/share/haproxy
    pidfile     /run/haproxy.pid
    daemon
        stats socket /var/run/haproxy.sock

defaults
        mode http

frontend  fe_foo
    bind *:1234
    bind *:1235 ssl crt /etc/haproxy/www.pem
    rate-limit sessions 10
    default_backend be_foo

backend be_foo
    server s1 127.0.0.1:8001

I'm using ab to send traffic to the frontend.

1/ ab -c 40 -n 100 http://127.0.0.1:1234/

the output of show info shows maxconnrate 10 and maxsessrate 10.
This is coherent with the value I set for rate-limit sessions.

2/ ab -c 40 -n 100 https://127.0.0.1:1235/

the output of show info shows maxconnrate, maxsslrate, maxsessrate and
sslfrontendmaxkeyrate equal 40, 4 times the value for my rate-limit sessions.

Am I doing something wrong here ?

thanks,
Jérôme

rate-limit sessions not consistent between ssl and non ssl traffic

Reply via email to