Re: Help Needed || haproxy limiting the connection rate per user

2016-08-30 Thread Chad Lavoie

Greetings,


On 08/30/2016 01:10 PM, Samrat Roy wrote:

Thank you sir for your quick reply.

I am now able to give a custom error code for my HAProxy configuration. 
However, I am facing one more issue.


With the above approach HAProxy is rejecting each and every call once 
the limit has been crossed. It is behaving as a circuit breaker. But my 
requirement is to have throttling: for example, every 10 seconds I 
should allow 200 requests, and anything more than 200 will be rejected.


There are two ways I can think to interpret your question:
1) You want to have a tick every 10 seconds which resets the counter to zero
2) You want requests over the limit (which get blocked) not to 
count toward the blocking


For 1 you would need a script to talk to the socket, and I'd not advise 
doing that unless you know what you are doing and why there is no 
cleaner alternative.
For 2 I'd add gpc0,gpc0_rate(10s) to the stick table in place of 
conn_rate, then use something like the following:

    http-request allow if { sc_inc_gpc0(0) }

after the use_backend statement.  Then instead of checking conn_rate, 
check sc_gpc0_rate(0) per 
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.3-sc_gpc0_rate.


Because in that case gpc0 will only be incremented if the request 
doesn't end up at the custom backend/blocked/etc., that should fill your 
needs there.


Thanks,
- Chad


Is there any way I can achieve this? Please help me to configure the same.

Thanks in advance
Samrat


On Fri, Aug 26, 2016 at 10:16 PM, Chad Lavoie wrote:


Greetings,


On 08/26/2016 09:14 AM, Samrat Roy wrote:

Hello Sir,








I am trying to achieve rate limiting using HAProxy. I am trying
to follow the "Limiting the connection rate per user" approach. I
am able to achieve this with the configuration below. But I am facing
one problem: I am not able to send a custom error code
once the rate limit is reached. For example, if I reach the rate
limit I want to send HTTP error code 429. In this case the proxy
is simply rejecting the incoming call and users are getting an HTTP
status code of 0.



"tcp-request connection reject" rejects the connection, so there
is no status code in this case.  If you want to send a 403 replace
it with "http-request deny if ..." instead.

If you want to respond with HTTP 429 make a backend with no
backend servers (so that all requests will get a 503) and set a
custom 503 error page, editing the headers at the top of the file
so that the response code is 429 (or whatever other
code/message/etc you desire).

- Chad


Please let me know how I can do this.

frontend localnodes

bind *:80
mode http
default_backend nodes

stick-table type ip size 100k expire 30s store conn_rate(5s)
tcp-request connection reject if { src_conn_rate ge 60 }
tcp-request connection track-sc1 src

backend nodes

cookie MYSRV insert indirect nocache
server srv1 :80 check cookie srv1 maxconn 500


Thanks
Samrat
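
Added example, not part of the original thread and not HAProxy code: a simplified Python model of the two counting policies discussed in the message above, using the 200 requests per 10 seconds from the question. The class and function names and the exact sliding window are assumptions of the model; HAProxy's own rate counters will not match these numbers exactly.

```python
from collections import deque

LIMIT = 200          # requests allowed per window (figure from the thread)
WINDOW_MS = 10_000   # window length: 10 seconds (figure from the thread)


class SlidingCounter:
    """Exact count of events in the last `window_ms` (a model assumption)."""

    def __init__(self, window_ms):
        self.window_ms = window_ms
        self.events = deque()

    def rate(self, now_ms):
        # Drop events that have aged out of the window, then count the rest.
        while self.events and self.events[0] <= now_ms - self.window_ms:
            self.events.popleft()
        return len(self.events)

    def hit(self, now_ms):
        self.events.append(now_ms)


def simulate(count_rejected, interval_ms, duration_ms):
    """One client sends a request every `interval_ms`.

    count_rejected=True  -> every request feeds the counter (conn_rate style).
    count_rejected=False -> only admitted requests feed it (gpc0 style).
    Returns the number of admitted requests in each 10-second bucket.
    """
    counter = SlidingCounter(WINDOW_MS)
    admitted = [0] * (duration_ms // WINDOW_MS)
    for now_ms in range(0, duration_ms, interval_ms):
        over_limit = counter.rate(now_ms) >= LIMIT
        if count_rejected or not over_limit:
            counter.hit(now_ms)
        if not over_limit:
            admitted[now_ms // WINDOW_MS] += 1
    return admitted


if __name__ == "__main__":
    # Constructed traffic: 50 requests/second for 60 seconds from one source.
    print("count all requests:  ", simulate(True, 20, 60_000))
    print("count admitted only: ", simulate(False, 20, 60_000))
```

When rejected requests also feed the counter, a client that keeps sending above the limit is never admitted again, which is the circuit-breaker behaviour described in the question; counting only admitted requests yields 200 per 10 seconds.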







Re: Help Needed || haproxy limiting the connection rate per user

2016-08-30 Thread Samrat Roy
Thank you sir for your quick reply.

I am now able to give a custom error code for my HAProxy configuration.
However, I am facing one more issue.

With the above approach HAProxy is rejecting each and every call once the
limit has been crossed. It is behaving as a circuit breaker. But my requirement
is to have throttling: for example, every 10 seconds I should allow 200
requests, and anything more than 200 will be rejected.

Is there any way I can achieve this? Please help me to configure the same.

Thanks in advance
Samrat


On Fri, Aug 26, 2016 at 10:16 PM, Chad Lavoie wrote:

> Greetings,
>
> On 08/26/2016 09:14 AM, Samrat Roy wrote:
>
> Hello Sir,
>
>
>
> 
>
> I am trying to achieve rate limiting using HAProxy. I am trying to follow
> the "Limiting the connection rate per user" approach. I am able to achieve
> this with the configuration below. But I am facing one problem: I am not
> able to send a custom error code once the rate limit is reached. For
> example, if I reach the rate limit I want to send HTTP error code 429. In
> this case the proxy is simply rejecting the incoming call and users are
> getting an HTTP status code of 0.
>
>
> "tcp-request connection reject" rejects the connection, so there is no
> status code in this case.  If you want to send a 403 replace it with
> "http-request deny if ..." instead.
>
> If you want to respond with HTTP 429 make a backend with no backend
> servers (so that all requests will get a 503) and set a custom 503 error
> page, editing the headers at the top of the file so that the response code
> is 429 (or whatever other code/message/etc you desire).
>
> - Chad
>
> Please let me know how I can do this.
>
> frontend localnodes
>
> bind *:80
> mode http
> default_backend nodes
>
> stick-table type ip size 100k expire 30s store conn_rate(5s)
> tcp-request connection reject if { src_conn_rate ge 60 }
> tcp-request connection track-sc1 src
>
> backend nodes
>
> cookie MYSRV insert indirect nocache
> server srv1 :80 check cookie srv1 maxconn 500
>
>
> Thanks
> Samrat
>
>
>


Re: Help Needed || haproxy limiting the connection rate per user

2016-08-26 Thread Chad Lavoie

Greetings,


On 08/26/2016 09:14 AM, Samrat Roy wrote:

Hello Sir,







I am trying to achieve rate limiting using HAProxy. I am trying to 
follow the "Limiting the connection rate per user" approach. I am able 
to achieve this with the configuration below. But I am facing one problem: 
I am not able to send a custom error code once the rate limit 
is reached. For example, if I reach the rate limit I want to send 
HTTP error code 429. In this case the proxy is simply rejecting the 
incoming call and users are getting an HTTP status code of 0.




"tcp-request connection reject" rejects the connection, so there is no 
status code in this case.  If you want to send a 403 replace it with 
"http-request deny if ..." instead.


If you want to respond with HTTP 429 make a backend with no backend 
servers (so that all requests will get a 503) and set a custom 503 error 
page, editing the headers at the top of the file so that the response 
code is 429 (or whatever other code/message/etc you desire).


- Chad


Please let me know how I can do this.

frontend localnodes

bind *:80
mode http
default_backend nodes

stick-table type ip size 100k expire 30s store conn_rate(5s)
tcp-request connection reject if { src_conn_rate ge 60 }
tcp-request connection track-sc1 src

backend nodes

cookie MYSRV insert indirect nocache
server srv1 :80 check cookie srv1 maxconn 500



Thanks
Samrat




Help Needed || haproxy limiting the connection rate per user

2016-08-26 Thread Samrat Roy
Hello Sir,





I am trying to achieve rate limiting using HAProxy. I am trying to follow
the "Limiting the connection rate per user" approach. I am able to achieve
this with the configuration below. But I am facing one problem: I am not
able to send a custom error code once the rate limit is reached. For
example, if I reach the rate limit I want to send HTTP error code 429. In
this case the proxy is simply rejecting the incoming call and users are
getting an HTTP status code of 0. Please let me know how I can do this.

frontend localnodes

bind *:80
mode http
default_backend nodes

stick-table type ip size 100k expire 30s store conn_rate(5s)
tcp-request connection reject if { src_conn_rate ge 60 }
tcp-request connection track-sc1 src

backend nodes

cookie MYSRV insert indirect nocache
server srv1 :80 check cookie srv1 maxconn 500


Thanks
Samrat