Hi,
i'm running Haproxy 1.8.21 on a Debian 9 Box.
We use stick-tables to track http-connections and http-error-rate and
block clients (bots) that cause a high error-rate. But Today i recognize
a lot of 400 / Bad Requests Error (~15/s) in the logs. The rate
definitely exceeds the defined limit, but the ip-address wasn't blocked.
Therefor my question, does HTTP-Error 400 not increase the http_err_rate
Counter? The state is CR, so the requests do not reach our
backend-servers, but my expectation is, that they get blocked at the
loadbalancer. The below configuration works fine with 404 or 401 errors.
Here's a sample logfile entry:
Dec 11 11:56:40 lb01 haproxy[41488]: [REDACTED]:3641
[11/Dec/2019:11:56:40.103] production~ production/<NOSRV> -1/-1/-1/-1/98
400 0 - - CR-- 461/461/0/0/0 0/0 "<BADREQ>"
Configuration:
stick-table type ip size 5M expire 2h store
http_req_rate(60s),http_err_rate(60s),gpt0
http-request track-sc0 src unless { src -f /etc/haproxy/whitelist.acl }
http-request sc-set-gpt0(0) 1 if { sc_http_err_rate(0) ge LIMIT }
tcp-request connection reject if { src,table_gpt0(production) eq 1 }
Best Regards
Marco
