Re: HAProxy concurrent HTTP query limit based on header
Hi,

On Fri, 2020-04-17 at 20:22 +0200, Olivier D wrote:
> Hello everyone,
>
> I would like to implement a "max concurrent connection" in HAProxy.
> This is easy to do at TCP level:
>
>     stick-table type ipv6 size 100k expire 30s store conn_cur
>     http-request track-sc0 src
>     http-request deny deny_status 429 if { src_conn_cur ge 20 }
>
> But now, I want to do the same for concurrent HTTP queries, based on
> header 'X-Forwarded-For'. For example, I want to send a 429 error
> code if someone is sending an HTTP query when he already has 20
> ongoing.
>
> My first tries are based on something like this:
>
>     stick-table type ipv6 size 100k expire 30s store http_req_rate(10s)
>     http-request track-sc0 req.hdr( X-Forwarded-For )

Does it work if you use:

    http-request track-sc0 req.hdr_ip(X-Forwarded-For)

(https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7.3.6-req.hdr_ip)

Do you get any entries in the stick-table (show table ... command to stats socket)?

-Jarno

>     http-request deny deny_status 429 if { sc0_conn_cur ge 20 }
>
> but it doesn't seem to work the way I want ...

-- 
Jarno Huuskonen

Re: HAProxy concurrent HTTP query limit based on header
On Fri, 17 Apr 2020 at 20:49, Tim Düsterhus wrote:
> Olivier,
>
> On 17.04.20 at 20:22, Olivier D wrote:
> > My first tries are based on something like this:
> >
> >     stick-table type ipv6 size 100k expire 30s store http_req_rate(10s)
>
> Not sure whether that's just an error in your email, but: You store a
> http_req_rate, not a number of connections.

You are correct, last test was

    stick-table type ipv6 size 100k expire 30s store conn_cur

but it seems to not do what I want. I'll check again on Monday with some rest :)

Olivier

> >     http-request track-sc0 req.hdr( X-Forwarded-For )
> >     http-request deny deny_status 429 if { sc0_conn_cur ge 20 }
> >
>
> Best regards
> Tim Düsterhus

Re: HAProxy concurrent HTTP query limit based on header
Olivier,

On 17.04.20 at 20:22, Olivier D wrote:
> My first tries are based on something like this:
>
>     stick-table type ipv6 size 100k expire 30s store http_req_rate(10s)

Not sure whether that's just an error in your email, but: You store a
http_req_rate, not a number of connections.

>     http-request track-sc0 req.hdr( X-Forwarded-For )
>     http-request deny deny_status 429 if { sc0_conn_cur ge 20 }
>

Best regards
Tim Düsterhus

HAProxy concurrent HTTP query limit based on header
Hello everyone,

I would like to implement a "max concurrent connection" in HAProxy.
This is easy to do at TCP level:

    stick-table type ipv6 size 100k expire 30s store conn_cur
    http-request track-sc0 src
    http-request deny deny_status 429 if { src_conn_cur ge 20 }

But now, I want to do the same for concurrent HTTP queries, based on
header 'X-Forwarded-For'. For example, I want to send a 429 error
code if someone is sending an HTTP query when he already has 20
ongoing.

My first tries are based on something like this:

    stick-table type ipv6 size 100k expire 30s store http_req_rate(10s)
    http-request track-sc0 req.hdr( X-Forwarded-For )
    http-request deny deny_status 429 if { sc0_conn_cur ge 20 }

but it doesn't seem to work the way I want ...

Now I'm a bit lost, but maybe someone already implemented this?

Thank you!

Olivier