Hi Willy,
The 1.4 seems not to work, for example I have the following:
frontend xx xxxx:80 mode http tcp-request inspect-delay 30s acl to_delay hdr_reg Opera.* tcp-request content accept if to_delay WAIT_END
Maybe it is because of the capture cookie or redirect which I have further?
P.S.: Sorry for the William
Willy Tarreau wrote:
> Hi Andrew,
>
> On Mon, Aug 03, 2009 at 02:18:21AM +0200, Andrew Azarov wrote:
>
> BTW, with 1.4 you could already do this without additional work,
> because in 1.4 you can use HTTP ACLs in TCP rules. You just need
> to wait for a whole HTTP request first. It would look like this :
>
> 1 frontend XXX
> 2 mode http
> 3 tcp-inspect delay 30s
> 4 tcp-request content reject if ! HTTP
>
> 5 acl to_delay hdr_sub(user-agent) -i Opera
> 6 ( as many other tests as you want )
>
> 7 tcp-request content accept if to_delay WAIT_END
>
>
> What this does :
> 3) set max tcp content inspection delay to the pause you
> want to induce
> 4) wait for a complete HTTP request. As long as the TCP contents
> look like HTTP but the request is not complete, the rule will
> block and return to the caller that it wants more data. If it
> sees it's not valid HTTP protocol, it will drop the request.
> If it sees it's a complete HTTP request, it will pas on to
> next rules.
> 5) write as many tests as you want for the to_delay, which will
> indicate what criteria will introduce a delay. You can also
> write as many ACLs as you want and combine them later.
> 7) We say that we accept the request if the ACL "to_delay" is
> matched as well as the implicit "WAIT_END" ACL. The trick
> here is that this WAIT_END only matches once the timeout
> strikes. So it will be evaluated only if the to_delay is
> also validated, and will cause a pause for those requests.
> If the to_delay ACL is not matched, then the next rules are
> evaluated. Once there aren't any more, we get an automatic
> accept, which happens for other traffic.
>
> I really encourage you to give it a try, as it may help you solve
> your issues without wasting time on code, and it will offer you a
> much more flexible mechanism too.
>
> Regards,
> Willy
>
>
>
Received on 2009/08/05 16:08
This archive was generated by hypermail 2.2.0 : 2009/08/05 16:15 CEST