Thanks Jamo!
This is just what we were looking for!


On Tue, May 15, 2018 at 10:17 PM, Jarno Huuskonen <jarno.huusko...@uef.fi>
wrote:

> Hi,
>
> On Fri, May 11, Mihir Shirali wrote:
> > I did look up some examples for setting 503 - but all of them (as you've
> > indicated) seem based on src ip or src header. I'm guessing this is more
> > suitable for a DOS/DDOS  attack? In our deployment, the likelihood of
> > getting one request from multiple clients is more than multiple requests
> > from a single client.
>
> Can you explain how/when(on what condition) you'd like to limit the number
> of requests and haproxy return 503 status to clients (429 seems more
> appropriate status code for this) ?
>
> If you just want haproxy to return 503 for all new requests when
> there're X number of sessions/connections/session rate then
> take a look at fe_conn, fe_req_rate, fe_sess_rate, be_conn and
> be_sess_rate
> (https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.2-fe_
> conn)
> so for example something like
> http-request deny deny_status 503 if { fe_req_rate gt 50 }
>
> > As an update the rate-limit directive has helped. However, the only
> problem
> > is that the client does not know that the server is busy and *could* time
> > out. It would be great if it were possible to somehow send a 503 out , so
> > the clients could retry after a random time.
>
> -Jarno
>
> --
> Jarno Huuskonen
>



-- 
Regards,
Mihir

Reply via email to