I have this lines in the Table per_ip_and_url_rates.
Is there a easy way to know which URL+src the key is?

# table: per_ip_and_url_rates, type: binary, size:1048576, used:56781
0x559813fc9200: key=xxx use=0 exp=85821390 http_req_rate(86400000)=27
0x7fef40373630: key=xxxx use=0 exp=86380499 http_req_rate(86400000)=4494

I used this blog post as base for the table.


That's the backend definition with HA-Proxy version 2.1.4-1ppa1~bionic

frontend https-in

  bind :::443 v4v6 alpn h2,http/1.1 ssl ca-file {{ ansible_nodename 
}}/fullchain.pem crt /etc/ssl/haproxy/

  tcp-request inspect-delay 5s
  tcp-request content accept if { req_ssl_hello_type 1 }

  # DNS labels are case insensitive (RFC 4343), we need to convert the hostname 
into lowercase
  # before matching, or any requests containing uppercase characters will never 
  # http-request set-header Host %[req.hdr(Host),lower]

  http-request track-sc0 src table per_ip_rates
  # https://www.haproxy.com/blog/bot-protection-with-haproxy/
  # track client's source IP + URL accessed in
  # per_ip_and_url_rates stick table
  http-request track-sc1 url32+src table per_ip_and_url_rates unless { path_end 
.css .js .png .gif }
  # Set the threshold to 15 within the time period
  acl exceeds_limit sc_gpc0_rate(0) gt 20

  # Increase the new-page count if this is the first time
  # they've accessed this page, unless they've already
  # exceeded the limit
  #http-request sc-inc-gpc0(0) if { sc_http_req_rate(1) eq 1 } !exceeds_limit

  # Deny requests if over the limit
  #http-request deny deny_status 429 if exceeds_limit

  # 10 requests per second
  #http-request deny deny_status 429 if { sc_http_req_rate(0) gt 200 }

  # Strip off Proxy headers to prevent HTTpoxy (https://httpoxy.org/)
  http-request del-header Proxy

  declare capture request len 128
  declare capture request len 148
  declare capture request len 148

  http-request capture req.hdr(host) len 148

  # Add CORS response header
  acl is_cors_preflight method OPTIONS
  http-response add-header Access-Control-Allow-Origin "*" if is_cors_preflight
  http-response add-header Access-Control-Allow-Methods "GET,POST" if 
  http-response add-header Access-Control-Allow-Credentials "true" if 
  http-response add-header Access-Control-Max-Age "600" if is_cors_preflight

  use_backend be_nginx if { path_beg /.well-known/acme-challenge/ }

Thanks for help.



Reply via email to