Re: Help Needed || haproxy limiting the connection rate per user

2016-08-30 Thread Samrat Roy 
Thank you sir for your quick reply.

I am now able to give custom error code for my HAproxy configuration.
However I am facing one more issue .

With the above approach HAproxy is rejecting each and every calls once the
limit has crossed. It is behaving as a circuit breaker . But my requirement
is to have a throttling for example every 10 second I should allow 200
request and anything more than 200 will be rejected.

Is there any way I can achieve this .Please help me to configure the same.

Thanks in advance
Samrat


On Fri, Aug 26, 2016 at 10:16 PM, Chad Lavoie <clav...@haproxy.com> wrote:

> Greetings,
>
> On 08/26/2016 09:14 AM, Samrat Roy wrote:
>
> Hello Sir,
>
>
>
> down votefavorite
> <http://stackoverflow.com/questions/39166887/haproxy-limiting-the-connection-rate-per-user#>
>
> I am trying to achieve rate limiting using HAProxy. I am trying to follow
> the "Limiting the connection rate per user" approach. I am able to achieve
> this by the below configuration. But facing one problem, that is, i am not
> able to send a custom error code once the rate limit is reached. For
> example if i reached the rate limit i want to send HTTP error code 429. In
> this case the proxy is simply rejecting the incoming call and users are
> getting http status code as 0.
>
>
> "tcp-request connection reject" rejects the connection, so there is no
> status code in this case.  If you want to send a 403 replace it with
> "http-request deny if ..." instead.
>
> If you want to respond with HTTP 429 make a backend with no backend
> servers (so that all requests will get a 503) and set a custom 503 error
> page, editing the headers at the top of the file so that the response code
> is 429 (or whatever other code/message/etc you desire).
>
> - Chad
>
> Please let me know how can i do this
>
> frontend localnodes
>
> bind *:80
> mode http
> default_backend nodes
>
> stick-table type ip size 100k expire 30s store conn_rate(5s)
> tcp-request connection reject if { src_conn_rate ge 60 }
> tcp-request connection track-sc1 src
>
> backend nodes
>
> cookie MYSRV insert indirect nocache
> server srv1 :80 check cookie srv1 maxconn 500
>
>
> Thanks
> Samrat
>
>
>

Re: Rate limiting using HAProxy

2016-09-29 Thread Samrat Roy 
Hello Sir,

Please tell me is it possible to achieve the above scenario using HAproxy.

Thanks
Samrat

On Tue, Sep 27, 2016 at 9:18 PM, Samrat Roy <samratroy@gmail.com> wrote:

> Hello Sir,
>
> I am trying to implement rate limiting feature using HAroxy. My
> requirement is to do rate limiting using a custom header . I have created
> the below config file.
>
> I have configured 40 request are allowed in 10 sec and anything above 40
> should give 429 error.
>
> But I am facing one problem while implementing this. My test scenario is
> as follows :
>
> Sl No. Number of Request/ 10 sec Result
> 1 30 All request passed
> 2 45 40 request pass and 5 gave 429 error code
> 3 60 All request gave 429
> 4 25 All request passed
>
> In the scenario number 3 my expectation is 40 request should pass and 20
> request should fail. But its failing all the requests. Remaining all
> scenarios are working as expected.Am I missing something ? Please help .
>
>
> Configuration :
>
> frontend localnodes
> bind *:80
> mode http
> default_backend nodes
> acl document_request path_beg -i /
> acl is_upload hdr_beg(CustomHeader) -i customKey
> acl too_many_uploads_by_user sc0_gpc0_rate() gt 40
> acl mark_seen sc0_inc_gpc0 gt 0
> stick-table type string size 100k expire 1s store gpc0_rate(10s)
> tcp-request content track-sc0 hdr(CustomHeader) if METH_GET or
> METH_POST document_request is_upload
> use_backend ease-up-y00 if mark_seen too_many_uploads_by_user
>
> backend nodes
> mode http
> balance roundrobin
> option forwardfor
> server srv1 127.0.0.1:8081 check
>
> backend ease-up-y00
> mode http
> errorfile 503 /etc/haproxy/errors/429rate.http
>
>
>
> Thank you in Advance.
> Samrat
>

Help Needed || haproxy limiting the connection rate per user

2016-08-26 Thread Samrat Roy 
Hello Sir,



down votefavorite


I am trying to achieve rate limiting using HAProxy. I am trying to follow
the "Limiting the connection rate per user" approach. I am able to achieve
this by the below configuration. But facing one problem, that is, i am not
able to send a custom error code once the rate limit is reached. For
example if i reached the rate limit i want to send HTTP error code 429. In
this case the proxy is simply rejecting the incoming call and users are
getting http status code as 0.Please let me know how can i do this

frontend localnodes

bind *:80
mode http
default_backend nodes

stick-table type ip size 100k expire 30s store conn_rate(5s)
tcp-request connection reject if { src_conn_rate ge 60 }
tcp-request connection track-sc1 src

backend nodes

cookie MYSRV insert indirect nocache
server srv1 :80 check cookie srv1 maxconn 500


Thanks
Samrat

Rate limiting using HAProxy

2016-09-27 Thread Samrat Roy 
Hello Sir,

I am trying to implement rate limiting feature using HAroxy. My requirement
is to do rate limiting using a custom header . I have created the below
config file.

I have configured 40 request are allowed in 10 sec and anything above 40
should give 429 error.

But I am facing one problem while implementing this. My test scenario is as
follows :

Sl No. Number of Request/ 10 sec Result
1 30 All request passed
2 45 40 request pass and 5 gave 429 error code
3 60 All request gave 429
4 25 All request passed

In the scenario number 3 my expectation is 40 request should pass and 20
request should fail. But its failing all the requests. Remaining all
scenarios are working as expected.Am I missing something ? Please help .


Configuration :

frontend localnodes
bind *:80
mode http
default_backend nodes
acl document_request path_beg -i /
acl is_upload hdr_beg(CustomHeader) -i customKey
acl too_many_uploads_by_user sc0_gpc0_rate() gt 40
acl mark_seen sc0_inc_gpc0 gt 0
stick-table type string size 100k expire 1s store gpc0_rate(10s)
tcp-request content track-sc0 hdr(CustomHeader) if METH_GET or
METH_POST document_request is_upload
use_backend ease-up-y00 if mark_seen too_many_uploads_by_user

backend nodes
mode http
balance roundrobin
option forwardfor
server srv1 127.0.0.1:8081 check

backend ease-up-y00
mode http
errorfile 503 /etc/haproxy/errors/429rate.http



Thank you in Advance.
Samrat