Re: Using operators in ACLs

2016-02-24 Thread Dmitry Sivachenko 

> On 24 Feb 2016, at 14:07, Willy Tarreau  wrote:
> 
> On Wed, Feb 24, 2016 at 01:36:39PM +0300, Dmitry Sivachenko wrote:
>> I do have "mode http" (I intentionally put it here with a comment).
>> Will it work only for tcp-mode frontend?
>> Or should I use tcp-request for tcp frontend and http-request for http 
>> frontend?
> 
> Both tcp-request and http-request will work in your HTTP frontend. My point
> is that if your frontend is in HTTP mode, you won't be able to direct the
> traffic to a TCP backend, the config parser will reject this.


Ah, yes, I see.  Thanks for the explanation.

Re: Using operators in ACLs

2016-02-24 Thread Willy Tarreau 
On Wed, Feb 24, 2016 at 01:36:39PM +0300, Dmitry Sivachenko wrote:
> I do have "mode http" (I intentionally put it here with a comment).
> Will it work only for tcp-mode frontend?
> Or should I use tcp-request for tcp frontend and http-request for http 
> frontend?

Both tcp-request and http-request will work in your HTTP frontend. My point
is that if your frontend is in HTTP mode, you won't be able to direct the
traffic to a TCP backend, the config parser will reject this.

Willy

Re: Using operators in ACLs

2016-02-24 Thread Dmitry Sivachenko 

> On 24 Feb 2016, at 01:02, Willy Tarreau  wrote:
> 
> Hi Dmitry,
> 
> On Fri, Feb 19, 2016 at 05:58:47PM +0300, Dmitry Sivachenko wrote:
>> Hello,
>> 
>> I want to define ACL which will evaluate to true if a current number of 
>> connections to a particular backend is greater than a number of usable 
>> servers in that backend multiplied on some constant:
>> 
>> be_conn(BACK) > nbsrv(BACK) * N
>> 
>> So far I came up with the following solution:
>> 
>> frontend FRONT
>>mode http  # can be either http or tcp here
>>tcp-request content set-var(sess.nb) nbsrv(BACK)  # I use tcp-request 
>> here (not http-request) so it works for both http and tcp mode backends
>>acl my_acl be_conn(BACK),div(sess.nb) gt 10  #  "N" in 10 here
>> 
>> 
>> So I must use set-var here because div() accepts either a number or a 
>> variable.
>> 
>> Is this a good sulution for my problem or it can be done better?
> 
> It currently is the only available solution, and I'm glad that you spotted
> it because support for variables in arithmetic operators was added in great
> part to permit such things.
> 
> I do have one comment regarding your comment about tcp-request vs
> http-request. What you say is valid only if you don't have "mode http"
> in your frontend, but I assume that you simplified the config so that
> it's easy to understand here.
> 


I do have "mode http" (I intentionally put it here with a comment).  Will it 
work only for tcp-mode frontend?

Or should I use tcp-request for tcp frontend and http-request for http frontend?

Re: Using operators in ACLs

2016-02-23 Thread Willy Tarreau 
Hi Dmitry,

On Fri, Feb 19, 2016 at 05:58:47PM +0300, Dmitry Sivachenko wrote:
> Hello,
> 
> I want to define ACL which will evaluate to true if a current number of 
> connections to a particular backend is greater than a number of usable 
> servers in that backend multiplied on some constant:
> 
> be_conn(BACK) > nbsrv(BACK) * N
> 
> So far I came up with the following solution:
> 
> frontend FRONT
> mode http  # can be either http or tcp here
> tcp-request content set-var(sess.nb) nbsrv(BACK)  # I use tcp-request 
> here (not http-request) so it works for both http and tcp mode backends
> acl my_acl be_conn(BACK),div(sess.nb) gt 10  #  "N" in 10 here
> 
> 
> So I must use set-var here because div() accepts either a number or a 
> variable.
> 
> Is this a good sulution for my problem or it can be done better?

It currently is the only available solution, and I'm glad that you spotted
it because support for variables in arithmetic operators was added in great
part to permit such things.

I do have one comment regarding your comment about tcp-request vs
http-request. What you say is valid only if you don't have "mode http"
in your frontend, but I assume that you simplified the config so that
it's easy to understand here.

Regards,
Willy

Using operators in ACLs

2016-02-19 Thread Dmitry Sivachenko 
Hello,

I want to define ACL which will evaluate to true if a current number of 
connections to a particular backend is greater than a number of usable servers 
in that backend multiplied on some constant:

be_conn(BACK) > nbsrv(BACK) * N

So far I came up with the following solution:

frontend FRONT
mode http  # can be either http or tcp here
tcp-request content set-var(sess.nb) nbsrv(BACK)  # I use tcp-request here 
(not http-request) so it works for both http and tcp mode backends
acl my_acl be_conn(BACK),div(sess.nb) gt 10  #  "N" in 10 here


So I must use set-var here because div() accepts either a number or a variable.

Is this a good sulution for my problem or it can be done better?

Thanks!