Hi Nick,

On 11/2/20 10:26 PM, Nick Ramirez wrote:
> Hello,
>
> In my HAProxy config, I would like to ban people for a certain amount of time
> by setting a general-purpose counter from 0 to 1, where 1 = banned, in a
> stick table. When the stick table entry expires, the counter is reset to 0
> and the person is un-banned. This works fine. However, I would like to ignore
> this person's requests while they're banned. That way, as they make requests,
> they are not continuously banning themselves.
>
> Consider if I use this ACL and "track" line:
>
> ```
> acl is_banned sc_get_gpc1(0) gt 0
> http-request track-sc0 be_name unless is_banned
> ```
>
> This ACL uses `sc_get_gpc1(0)` to read the value of the general-purpose
> counter. When this ACL is used by the `track-sc0` line, it *resets the TTL*
> on the stick table entry, which means that a person will be banned forever
> unless they stop making requests. I don't want this. I want to ban them for
> only 10 seconds. So, instead, I use this ACL:
>
> ```
> acl is_banned be_name,table_gpc1 gt 0
> http-request track-sc0 be_name unless is_banned
> ```
>
> By using the `table_gpc1` converter, the TTL is *not* reset when the ACL is
> used, which is good.
>
> My question is, is this an undocumented feature? A bug that may one day be
> "fixed"? Why is there a difference between `sc_get_gpc1(0)` and
> `table_gpc1`, where the former resets the TTL on the stick table
> entry, but the latter does not?
>
> Also, if this is a bug, would it be helpful to have a parameter on the
> track-sc0 line that allows me to opt in to not resetting the TTL?
>
> Thank you,
> Nick Ramirez
>
Reading the code I didn't see any fetches sc_get_gpc1 nor table_gpc1 updating entry expiration. Only the evaluation of the http-request track-sc0 will do.

R,
Emeric

