Hi all, Hopefully an easy one, but I can't really find the solution. We've come up with a control system for haproxy, where we manually can clear stick table entries from a GUI. We're also using a cookie to set the server in a backend as we're expecting to deal with clients behind a nat device.
It's the customers (just internal IT in another dept) request that they should be able to close down a stick table entry and have the client not be able to go to that stick-table selected server AT ALL, even when presenting a cookie. It seems to me that HA is designed to allow these cookie selected server connections irrespective of the stick table entries, so there are two ways to continue to me: 1) Have the application remove the separate cookie we insert when the application gets logged off or times out (timeout happens at 15 minutes of app idle time). 2) We get HAProxy to control the expiry time of the cookie we send over, and refresh that expiry each time a transaction happens. 3) Live with the imbalance of clients from NATted source ip addresses and ditch the cookie insertion. We would all prefer #2, since the devs don't want to spend time redeveloping, and HAProxy can seemingly do just about anything! #3 would work, but removing entries from the stick table during testing or certain maintenance may well remove more than just the intended target. Any ideas? Thanks Andy
