On 26.01.21 20:27, Aleksandar Lazic wrote:
Hi.
On 26.01.21 05:54, Sangameshwar Babu wrote:
> Hello Team,
>
> I would like to get some suggestions on setting up ratelimit on HAProxy 1.8
> version, my current setup is as below.
>
> 1000+ rsyslog clients(TCP) -> HAProxy (TCP mode) -> backend centralized
> rsyslog server.
>
> I have the below stick table and ACLs through which I am able to mark a
> source as "abuse" if the client crosses the limit post which all new
> connections from the same client are rejected until stick table timer expires.
>
> haproxy.cfg
> -----------------
> stick-table type ip size 200k expire 2m store gpc0,conn_rate(2s),bytes_in_rate(1s),bytes_in_cnt
>
> acl data_rate_abuse sc1_bytes_in_rate ge 100
> acl data_size_abuse sc1_kbytes_in ge 1
>
> tcp-request connection silent-drop if data_rate_abuse
> tcp-request connection reject if data_size_abuse
>
> However I would like to configure in such a way that once a client sends
> about "x bytes" of data the connection should be closed instantly instead of
> marking it abuse and simultaneous connections being rejected.
+1
I have a similar issue and hope that we get suggestions to get an answer here.
> Kindly let me know if the above can be configured with HAProxy version 1.8.
I will need it for 2.2+
Looks like this feature is not yet available when I look into the roadmap.
There is a "bandwidth limits" entry.
http://git.haproxy.org/?p=haproxy.git;a=blob;f=ROADMAP;h=a797b84eb95298807cefa03edaa69583d8007c5b;hb=HEAD#l22
I have also seen some points there which are already implemented, therefore I
will send a patch to update the roadmap.
> BR
> Sangam
Regards
Aleks
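
The behaviour described in the quoted question, as an added example that is not part of the original thread and is not HAProxy code: a simplified Python model of the `data_size_abuse` rule only. It assumes the source is tracked with sc1 at connection accept and that an entry expires 2m after its last counter update; the class, function and sample events are constructed for illustration.

```python
EXPIRE = 120        # seconds, from "expire 2m"
KBYTES_LIMIT = 1    # from "sc1_kbytes_in ge 1"

class StickTable:
    """Per-source counters, keyed by client IP (simplified model)."""
    def __init__(self):
        self.entries = {}  # src -> {"bytes_in_cnt": int, "last": float}

    def _entry(self, src, now):
        e = self.entries.get(src)
        # Assumption: an entry is dropped EXPIRE seconds after its last update.
        if e is None or now - e["last"] >= EXPIRE:
            e = self.entries[src] = {"bytes_in_cnt": 0, "last": now}
        return e

    def accept(self, src, now):
        """'tcp-request connection' rules run once, when a connection arrives."""
        e = self._entry(src, now)
        return e["bytes_in_cnt"] // 1024 < KBYTES_LIMIT

    def receive(self, src, nbytes, now):
        """Data on an accepted connection only updates counters; no rule runs."""
        e = self._entry(src, now)
        e["bytes_in_cnt"] += nbytes
        e["last"] = now
        return e["bytes_in_cnt"]

def replay(events):
    """events: (time, src, kind, nbytes) tuples; returns one outcome per event."""
    table, out = StickTable(), []
    for now, src, kind, nbytes in events:
        if kind == "connect":
            out.append("accepted" if table.accept(src, now) else "rejected")
        else:
            out.append(f"forwarded, total={table.receive(src, nbytes, now)}")
    return out

# Constructed sample traffic from one client (documentation address).
EVENTS = [
    (0, "192.0.2.10", "connect", 0),
    (1, "192.0.2.10", "data", 4096),   # 4x the limit on the same connection
    (2, "192.0.2.10", "connect", 0),   # new connection while entry is live
    (130, "192.0.2.10", "connect", 0), # new connection after the entry expired
]

if __name__ == "__main__":
    for event, outcome in zip(EVENTS, replay(EVENTS)):
        print(event, "->", outcome)
```

The first connection forwards all 4096 bytes because the limit is only compared when the next connection arrives, which is the gap between the posted rules and the requested "close after x bytes" behaviour.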