Hi,
I actually am able to insert the string in the table and increase the
http_req_rate:
# table: HTTP, type: string, size:1048576, used:2
0x188193c: key=abc123 use=0 exp=3574082 http_req_rate(60000)=4
0x1896f6c: key=abc_567 use=0 exp=3596948 http_req_rate(60000)=17
My problem is that connections or requests should be refused if
http_req_rate is greater than or equal to 10; however, as you can see, the rate
for abc_567 is 17 and the requests were still handled.
--
Pierre
On Fri, Jun 19, 2015 at 8:51 AM, bjunity@gmail.com <bjunity@gmail.com>
wrote:
> Hi,
>
> If I understand you correctly, this is the same problem I was having:
>
>
>
> http://godevops.net/2015/04/23/haproxy-tracking-multiple-sample-fetches-in-stick-table/
>
> http://marc.info/?t=140828710400005&r=1&w=2
>
>
>
> --------------
> Bjoern
>
>
>
> 2015-06-19 14:37 GMT+02:00 Pierre Beaumier <pierre@kkdzo.org>:
> > Hi Bjoern,
> >
> > I was able to extract the information I need and put it in a table by
> > creating a custom header from the path and applying some regex but now I'm
> > not sure how to actually rate limit based on that.
> > Here's a trimmed down version of my config.
> >
> > global
> >     daemon
> >     maxconn 100000
> >
> > defaults
> >     mode http
> >     timeout client 60s
> >     timeout connect 5s
> >     timeout server 60s
> >
> > frontend HTTP
> >     bind *:80
> >     tcp-request inspect-delay 2s
> >     http-request deny if { sc0_http_req_rate ge 10 }
> >     http-request set-header X-Custom-ABC %[path]
> >     http-request replace-value X-Custom-ABC ^.*(abc.*)/.* \1
> >     stick-table type string size 1m expire 60m store http_req_rate(60s)
> >
> >     acl hap-test_front hdr_reg(host) -i haproxytest.domain.tld haproxytest3.domain.tld
> >     use_backend HAPTEST if hap-test_front
> >
> > backend HAPTEST
> >     option httpchk GET /healthcheck HTTP/1.0
> >     http-check expect status 200
> >
> >     tcp-request content track-sc0 hdr(X-Custom-ABC) table HTTP
> >
> >     server web web:80 check inter 5000 fastinter 1000 fall 1
> >
> >
> > I expected the "http-request deny if { sc0_http_req_rate ge 10 }" stanza to
> > refuse the request; however, the requests are still getting through and the
> > counter still increases:
> >
> > # table: HTTP, type: string, size:1048576, used:2
> > 0x188193c: key=abc123 use=0 exp=3574082 http_req_rate(60000)=4
> > 0x1896f6c: key=abc_567 use=0 exp=3596948 http_req_rate(60000)=17
> >
> > Thanks
> >
> > --
> > Pierre
> >
> > On Thu, Jun 18, 2015 at 11:42 AM, bjunity@gmail.com <bjunity@gmail.com>
> > wrote:
> >>
> >> 2015-06-17 15:00 GMT+02:00 Pierre Beaumier <pierre@kkdzo.org>:
> >> > Hello,
> >> >
> >> > I'm using haproxy 1.5.12 and I'm trying to do rate limiting based on a part
> >> > of a URL requested.
> >> >
> >> > Requests I want to track and limit have the following form:
> >> > https://host1.domain.tld/field1/field2/morestuff?query……
> >> > - field1 is a word like "user" or "data", there are 2 to 4 of them and
> >> > they're known to me.
> >> > - field2 is what I really want to track, it's formed of 3 letters that never
> >> > change and followed by several characters including lower and upper case
> >> > letters, numbers, dashes (-) and underscores (_). The field length is not
> >> > fixed however it will always be in second position in the path. Examples for
> >> > this field are abc_PT4gWk-42, abc1234 or abc-vb8WQ_2
> >> >
> >> > My goal is to have a table storing these with a counter for each, block if we
> >> > get more than 10 per second and return an error message like "too many
> >> > requests". I'd like to be able to query this table to have an idea of the
> >> > abusers, this should be trivial by parsing the output of "show table".
> >> >
> >> > I have not been able to generate a config that does something similar and am
> >> > quite confused by the stick store-request which accepts path but not
> >> > path_reg. Am I actually in the right direction?
> >> >
> >> > Any help would be greatly appreciated.
> >> >
> >> > Thanks
> >> >
> >> > --
> >> > Pierre
> >> >
> >>
> >>
> >> Hi Pierre,
> >>
> >> can you share your config?
> >>
> >>
> >> -----------
> >> Bjoern
> >
> >
>
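
The thread mentions finding abusers by parsing the output of "show table". The following is an added example, not code from any participant in this thread: a parser for the entry format quoted above that lists keys at or above a limit. The names `parse_show_table` and `over_limit` are hypothetical, and the sample input is constructed from the lines shown in the thread.

```python
import re

# Constructed sample, in the "show table" format quoted in this thread.
SAMPLE = """\
# table: HTTP, type: string, size:1048576, used:2
0x188193c: key=abc123 use=0 exp=3574082 http_req_rate(60000)=4
0x1896f6c: key=abc_567 use=0 exp=3596948 http_req_rate(60000)=17
"""

HEADER_RE = re.compile(r"^# table: ([^,]+), type: ([^,]+), size:(\d+), used:(\d+)")
# The key comes from the request path, so it is client-controlled. "key=(.*)"
# is greedy on purpose: the counters HAProxy appended are the last ones on the
# line, and text smuggled into the key cannot replace them.
ENTRY_RE = re.compile(
    r"^0x[0-9a-f]+: key=(?P<key>.*) use=(?P<use>\d+) exp=(?P<exp>\d+)"
    r"(?P<data>(?: [a-z0-9_]+(?:\(\d+\))?=\d+)*)$"
)
DATA_RE = re.compile(r" ([a-z0-9_]+)(?:\((\d+)\))?=(\d+)")


def parse_show_table(text):
    """Return one dict per entry: table, key, use, exp_ms, counters."""
    table, entries = None, []
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            table = header.group(1)
            continue
        entry = ENTRY_RE.match(line.rstrip())
        if not entry:
            continue  # blank or unrecognised line
        counters = {name: int(value)
                    for name, _period, value in DATA_RE.findall(entry.group("data"))}
        entries.append({"table": table, "key": entry.group("key"),
                        "use": int(entry.group("use")),
                        "exp_ms": int(entry.group("exp")),
                        "counters": counters})
    return entries


def over_limit(entries, counter="http_req_rate", limit=10):
    """Keys whose counter is at or above the limit, highest first."""
    hits = [e for e in entries if e["counters"].get(counter, 0) >= limit]
    return sorted(hits, key=lambda e: e["counters"][counter], reverse=True)


if __name__ == "__main__":
    for e in over_limit(parse_show_table(SAMPLE)):
        print(e["table"], e["key"], e["counters"]["http_req_rate"])
```
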