Re: timeout gated by ACL is enforced regardless of ACL match set
Bertrand,

Thank you, that is exactly what I was looking for. A new back end it is! If I discover anything new about the instant 408, I'll report back.

Thank you.
Adam

On Wed, May 21, 2014 at 5:24 PM, Bertrand Jacquin be...@meleeweb.net wrote:

> Hi Adam,
>
> On 2014-05-21 21:45, Adam Bruehl wrote:
>
>> I added the following to one of my front ends.
>>
>> acl abuse_users src -f /etc/haproxy/abuse_users.lst
>> timeout http-request 5s if abuse_users
>
> Unfortunately, you cannot use any condition on the 'timeout' keyword, they are simply ignored.
>
> There has been another similar topic lately on this ML:
> http://marc.info/?l=haproxy&m=140058111320423&w=2
>
> --
> Bertrand

timeout gated by ACL is enforced regardless of ACL match set
Hey,

So I was tweaking some haproxy rules and ran into something I found a little odd.

I added the following to one of my front ends.

acl abuse_users src -f /etc/haproxy/abuse_users.lst
timeout http-request 5s if abuse_users

My belief was the 5s timeout would ONLY apply to IPs in the abuse_users ACL. However, we observed this affecting a number of users receiving 408 errors that are not in the list. So, it appears the 'timeout http-request 5s' was being enforced on all users regardless of the 'if abuse_users'.

HAProxy also had logs indicating the 408 errors were a result of a 5s timeout. This is the only 5s timeout in the config. (assuming there are no defaults that could do this)

Also, I believe there was a secondary issue (which is the really odd part). The 408 errors were received by the end user nearly instantly when a request was made (100ms after start). I have a feeling my keep alive is longer (or can be longer) than the http-request timeout. I have no idea what to make of this part.

I also just upgraded to 1.5-dev25 last week so this may be a bug in the dev branch.

I was wondering if anyone had any thoughts, comments or suggestions about this?

Thanks in advance,
Adam

Re: timeout gated by ACL is enforced regardless of ACL match set
Hi Adam,

On 2014-05-21 21:45, Adam Bruehl wrote:

> I added the following to one of my front ends.
>
> acl abuse_users src -f /etc/haproxy/abuse_users.lst
> timeout http-request 5s if abuse_users

Unfortunately, you cannot use any condition on the 'timeout' keyword, they are simply ignored.

There has been another similar topic lately on this ML:
http://marc.info/?l=haproxy&m=140058111320423&w=2

--
Bertrand
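
The behaviour described in this thread (an `if`/`unless` condition on a `timeout` line being ignored, so the timeout applies to every client) can be caught before a config is deployed. The following is an added example, not code from the thread or from the HAProxy project: a small linter that flags such lines. The function name, the sample config and its `www`/`app` section names are constructed for illustration.

```python
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}

# Constructed sample config reproducing the pattern from the thread.
SAMPLE_CFG = """\
defaults
    mode http
    timeout client 30s

frontend www
    bind :80
    acl abuse_users src -f /etc/haproxy/abuse_users.lst
    timeout http-request 5s if abuse_users
    default_backend app

backend app
    timeout server 30s
    server s1 192.0.2.10:8080
"""

def find_conditional_timeouts(cfg_text):
    """Return one finding per 'timeout <name> <value> if|unless ...' line."""
    findings = []
    section = "(none)"
    for lineno, raw in enumerate(cfg_text.splitlines(), start=1):
        # Simplification: treat every '#' as a comment start (no quoting rules).
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        if tokens[0] in SECTION_KEYWORDS:
            section = " ".join(tokens[:2])  # e.g. "frontend www"
            continue
        # A timeout line should be exactly: timeout <name> <value>
        if tokens[0] == "timeout" and len(tokens) > 3 and tokens[3] in ("if", "unless"):
            findings.append({
                "line": lineno,
                "section": section,
                "timeout": tokens[1],
                "value": tokens[2],
                "condition": " ".join(tokens[3:]),
            })
    return findings

if __name__ == "__main__":
    for f in find_conditional_timeouts(SAMPLE_CFG):
        print("line {line} [{section}]: 'timeout {timeout} {value}' applies to "
              "all traffic; '{condition}' is ignored".format(**f))
```
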