Hi Bradford,
To send to violators to a different backend, based of the example I used in
that post you want something like:
In Frontend:
use_backend go-away if source_is_abuser
Then a backend like:
backend go-away
mode http
errorfile 503 /etc/haproxy/errors/503rate.http
Not
My whole concern is simplifying the rate limiting process and being able to
have it work with https traffic (where it's not susceptible to spoofing).
Can HAProxy do the latter without its own HTTPS implementation?
Thanks for the tip and the post, Kyle.
Bradford
On Tue, Apr 19, 2011 at 11:38 AM,
Simplification is not always possible. You must use the tools at hand.
Reading the article you linked to everything seemed pretty
straightforward to me. A feature like rate limiting can only be
simplified so much.
That said, look into using stunnel for your SSL decryption. There is a
patch that
Excellent point, Jonathan. So, would having HAProxy support/implement HTTPS
be the only way to allow HTTPS rate limiting (in HTTPS only and HTTP and
HTTPS mixed environments)?
As for my other point. Have you looked at the sample configuration on
http://blog.serverfault.com/post/1016491873/
On 6 April 2011 16:42, bradford fingerm...@gmail.com wrote:
Also, in a previous email I mentioned something about
X-Forwarded-For IP addresses being comma delimited. This table would have
to take that into consideration, I guess.
No it shouldn't.
If you rate-limit based on information that
I just found out that HAProxy can do rate limiting. This is pretty cool.
The HAProxy website points to a ServerFault blog post that does not exist.
Can someone please correct the URL:
http://blog.serverfault.com/post/1016491873/
Also, is there a way to simplify the process of rate limiting.
6 matches
Mail list logo
