Re: Count uniq Client ips
Aleks, Am 15.10.20 um 22:54 schrieb Aleksandar Lazic: > I need to know how many concurrent clients request *NOW* a specific URL > and display > it in prometheus and limit access to max client let's say 50 per url. > > That's my requirement. Using a stick table keyed using the `base32` fetch (or possibly using a str key and the `path` fetch) and then using the `table_conn_cur` fetch should provide the necessary information. Best regards Tim Düsterhus
Re: Count uniq Client ips
Tim. On 15.10.20 19:05, Tim Düsterhus wrote: Aleks, Am 15.10.20 um 14:08 schrieb Aleksandar Lazic: The target is to know how much concurrent IP's request the a specific URL. What *exactly* would you like to extract? Do you actually want concurrent IP addresses? Log parsing then would be impossible by definition. I need to know how many concurrent clients request *NOW* a specific URL and display it in prometheus and limit access to max client let's say 50 per url. That's my requirement. Agree that the logfile is the wrong way to get this information's. Best regards Tim Düsterhus Regards Aleks
Re: Too many response errors
Based on this comment is this related to the client and there is no problem on the server side? https://github.com/haproxy/haproxy/blob/master/include/haproxy/channel-t.h#L68 On Wed, Oct 14, 2020 at 3:29 PM Seena Fallah wrote: > Hi. > > I'm facing many response errors from my backends and I have checked the > logs but there were no 5xx errors for these response errors! It seems I'm > in this section of code and because I use http-server-close it will count > failed_resp! > https://github.com/haproxy/haproxy/blob/master/src/http_ana.c#L1648-L1667 > Can you please explain why keep-alive connections won't count this and > what actually is this? > > Using haproxy 2.2.4 on docker > > Thanks. >
RE: Heath check responds up even when server is down
Correct - nothing in the logs that show L7TOUT/L7RSP. I actually change the check interval to 2s when testing so I don't have to wait as long when testing. -Original Message- From: Christopher Faulet Sent: Thursday, October 15, 2020 09:02 To: Wesley Lukehart ; haproxy@formilux.org Subject: Re: Heath check responds up even when server is down Le 15/10/2020 à 03:27, Wesley Lukehart a écrit : > Hello fine people. Short time lurker, first time poster. > > Was on version 2.0.5 with CentOS 7.6 and everything was working fine > with Exchange 2019. > > Upgraded to 2.2.3 and now when we put Exchange into maintenance mode > HAProxy does not change status - it reports that all services are still up > (L7OK/200). > > Example backend: > > backend be_ex2019_oab > > mode http > > balance roundrobin > > option httpchk GET /oab/healthcheck.htm > > option log-health-checks > > http-check expect status 200 > > server :443 check ssl inter 15s verify > required ca-file > > server :443 check ssl inter 15s verify > required ca-file > > If I stop the app pool for a service in IIS, or stop all of IIS, > HAProxy will properly show the service/services as down - as it gets a > non 200 response (503 or 404). > > When putting the Exchange server into maintenance mode, there is no http > response. > > When I check with a browser I get "ERR_HTTP2_PROTOCOL_ERROR" or > "Secure Connection Failed". Basically no response. > > When I check with wget from the haproxy server I get "HTTP request > sent, awaiting response... Read error (Connection reset by peer) in headers." > > Yet HAProxy is happy and continues to try to send mail to the down > server - not good. > > Any Ideas? > > I just tried 2.2.4 and no joy. > Hi, Just to be sure, when you says HAProxy still see the server up, there is no Health check errors in your logs ? No L7TOUT/L7RSP ? Because with your configuration and a default "fall" server parameter (3), you should wait at least 45s (3 x 15s) to see the server down. -- Christopher Faulet
RE: Heath check responds up even when server is down
Thanks for the suggestion. I tried this and there was no change in behavior. -Original Message- From: Jarno Huuskonen Sent: Thursday, October 15, 2020 00:25 To: Wesley Lukehart ; haproxy@formilux.org Subject: Re: Heath check responds up even when server is down Hi, On Thu, 2020-10-15 at 01:27 +, Wesley Lukehart wrote: > Hello fine people. Short time lurker, first time poster. > > Was on version 2.0.5 with CentOS 7.6 and everything was working fine > with Exchange 2019. > Upgraded to 2.2.3 and now when we put Exchange into maintenance mode > HAProxy does not change status – it reports that all services are > still up (L7OK/200). > > Example backend: > backend be_ex2019_oab > mode http > balance roundrobin > option httpchk GET /oab/healthcheck.htm > option log-health-checks > http-check expect status 200 > server :443 check ssl inter 15s verify > required ca-file > server :443 check ssl inter 15s verify > required ca-file > > If I stop the app pool for a service in IIS, or stop all of IIS, > HAProxy will properly show the service/services as down – as it gets a > non 200 response (503 or 404). > > When putting the Exchange server into maintenance mode, there is no > http response. > When I check with a browser I get “ERR_HTTP2_PROTOCOL_ERROR” or > “Secure Connection Failed”. Basically no response. > When I check with wget from the haproxy server I get “HTTP request > sent, awaiting response... Read error (Connection reset by peer) in headers.” > Yet HAProxy is happy and continues to try to send mail to the down > server – not good. > > Any Ideas? Does the health check work if you try with something like this: option httpchk http-check connect ssl http-check send meth GET uri /oab/healthcheck.htm ver HTTP/1.1 hdr Host somehost.example.org http-check expect status 200 ( https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-http-check%20connect ) -Jarno -- Jarno Huuskonen
Re: Count uniq Client ips
Aleks, Am 15.10.20 um 14:08 schrieb Aleksandar Lazic: > The target is to know how much concurrent IP's request the a specific URL. What *exactly* would you like to extract? Do you actually want concurrent IP addresses? Log parsing then would be impossible by definition. Best regards Tim Düsterhus
Re: Heath check responds up even when server is down
Le 15/10/2020 à 03:27, Wesley Lukehart a écrit : Hello fine people. Short time lurker, first time poster. Was on version 2.0.5 with CentOS 7.6 and everything was working fine with Exchange 2019. Upgraded to 2.2.3 and now when we put Exchange into maintenance mode HAProxy does not change status – it reports that all services are still up (L7OK/200). Example backend: backend be_ex2019_oab mode http balance roundrobin option httpchk GET /oab/healthcheck.htm option log-health-checks http-check expect status 200 server :443 check ssl inter 15s verify required ca-file server :443 check ssl inter 15s verify required ca-file If I stop the app pool for a service in IIS, or stop all of IIS, HAProxy will properly show the service/services as down – as it gets a non 200 response (503 or 404). When putting the Exchange server into maintenance mode, there is no http response. When I check with a browser I get “ERR_HTTP2_PROTOCOL_ERROR” or “Secure Connection Failed”. Basically no response. When I check with wget from the haproxy server I get “HTTP request sent, awaiting response... Read error (Connection reset by peer) in headers.” Yet HAProxy is happy and continues to try to send mail to the down server – not good. Any Ideas? I just tried 2.2.4 and no joy. Hi, Just to be sure, when you says HAProxy still see the server up, there is no Health check errors in your logs ? No L7TOUT/L7RSP ? Because with your configuration and a default "fall" server parameter (3), you should wait at least 45s (3 x 15s) to see the server down. -- Christopher Faulet
Re: Count uniq Client ips
Hi Adis,
On 15.10.20 15:03, Adis Nezirovic wrote:
On 10/15/20 2:08 PM, Aleksandar Lazic wrote:
Hi.
I though maybe the peers could help me when I yust add the client IP
with the URL but I'm not sure if I can query the peers store in a efficient way.
The target is to know how much concurrent IP's request the a specific URL.
Could lua be a solution.
Hey Aleks,
I'm not sure Lua would be the right solution for your situation, counting stuff
is tricky.
Hm so you mean that lua could be a performance bottleneck for youtube scale ?
As I haven't used lua in haproxy or nginx I have no experience how it behaves
on high
traffic sites.
I thought to use something like this but "proc" wide
function action(txn)
-- Get source IP
local clientip = txn.f:src()
local url = txn.sf:path_beg("/MY_URL")
save_in_global_hash(clientip+url)
end
and query this save_in_global_hash with a service.
However, I think Redis has INCR, you you can store per URL counters and maybe (just maybe)
use Lua action in HAProxy to write to Redis.
Obviously, you'd need to look out for performance, added latency etc, but it
would be a start.
You can then access Redis outside of the HAProxy context and observe the
counters.
Maybe the stick tables could also be a solution because I use it already for
limiting access.
```
#
https://www.haproxy.com/blog/application-layer-ddos-attack-protection-with-haproxy/
http-request track-sc0 src table per_ip_rates
```
# table: per_ip_rates, type: ip, size:1048576, used:3918
0x7f3c58fa9620: key= use=0 exp=597470 http_req_rate(1)=1
0x7f3c4d299960: key= use=0 exp=588433 http_req_rate(1)=2
0x7f3c50cc8830: key= use=0 exp=241004 http_req_rate(1)=0
0x7f3c5c6b3eb0: key= use=0 exp=586046 http_req_rate(1)=1
...
```
Can i add there a URL part like path_beg("/MYURL")
Just my 2c, hope it helps you (like you helped many people on this list)
Thank you for your input.
Best regards,
Re: Count uniq Client ips
On 10/15/20 2:08 PM, Aleksandar Lazic wrote: Hi. I though maybe the peers could help me when I yust add the client IP with the URL but I'm not sure if I can query the peers store in a efficient way. The target is to know how much concurrent IP's request the a specific URL. Could lua be a solution. Hey Aleks, I'm not sure Lua would be the right solution for your situation, counting stuff is tricky. However, I think Redis has INCR, you you can store per URL counters and maybe (just maybe) use Lua action in HAProxy to write to Redis. Obviously, you'd need to look out for performance, added latency etc, but it would be a start. You can then access Redis outside of the HAProxy context and observe the counters. Just my 2c, hope it helps you (like you helped many people on this list) Best regards, -- Adis Nezirovic Software Engineer HAProxy Technologies - Powering your uptime! 375 Totten Pond Road, Suite 302 | Waltham, MA 02451, US +1 (844) 222-4340 | https://www.haproxy.com
Count uniq Client ips
Hi. I have a quite tricky requirement and hope to get some input for a efficient solution. I use a haproyx in front of a streaming server. The access log, in json format, writes out the http request to syslog which is this plugin https://github.com/influxdata/telegraf/tree/release-1.14/plugins/inputs/syslog Now I tried with https://github.com/influxdata/telegraf/tree/release-1.14/plugins/processors/dedup to get unique IP's but that's quite unprecise. I though maybe the peers could help me when I yust add the client IP with the URL but I'm not sure if I can query the peers store in a efficient way. The target is to know how much concurrent IP's request the a specific URL. Could lua be a solution. Thanks for any ideas. Best regards Aleks
Re: Heath check responds up even when server is down
Hi, On Thu, 2020-10-15 at 01:27 +, Wesley Lukehart wrote: > Hello fine people. Short time lurker, first time poster. > > Was on version 2.0.5 with CentOS 7.6 and everything was working fine with > Exchange 2019. > Upgraded to 2.2.3 and now when we put Exchange into maintenance mode > HAProxy does not change status – it reports that all services are still up > (L7OK/200). > > Example backend: > backend be_ex2019_oab > mode http > balance roundrobin > option httpchk GET /oab/healthcheck.htm > option log-health-checks > http-check expect status 200 > server :443 check ssl inter 15s verify required > ca-file > server :443 check ssl inter 15s verify required > ca-file > > If I stop the app pool for a service in IIS, or stop all of IIS, HAProxy > will properly show the service/services as down – as it gets a non 200 > response (503 or 404). > > When putting the Exchange server into maintenance mode, there is no http > response. > When I check with a browser I get “ERR_HTTP2_PROTOCOL_ERROR” or “Secure > Connection Failed”. Basically no response. > When I check with wget from the haproxy server I get “HTTP request sent, > awaiting response... Read error (Connection reset by peer) in headers.” > Yet HAProxy is happy and continues to try to send mail to the down server > – not good. > > Any Ideas? Does the health check work if you try with something like this: option httpchk http-check connect ssl http-check send meth GET uri /oab/healthcheck.htm ver HTTP/1.1 hdr Host somehost.example.org http-check expect status 200 ( https://cbonte.github.io/haproxy-dconv/2.2/configuration.html#4.2-http-check%20connect ) -Jarno -- Jarno Huuskonen
