Okay, think I found it:
On 8 September 2010 17:56, Matt <mattmoran76#gmail.com> wrote:
> Hi guys,
>
> I'm trying out the rate limit feature in 1.5-dev2. My config is
> below. It appears to work in the sense that after the limit the
> connection is dropped, but I actually want the connection to go to the
> error backend, rather than the webserver backend and get dropped. I'm
> guessing my logic in the frontend config is wrong rather than it being
> a bug.
>
> Thanks,
>
> Matt
>
> defaults
> mode http
> option httplog
> option log-separate-errors
> option httpchk HEAD /available HTTP/1.0
> monitor-uri /haproxy_test
> option allbackups
> http-check disable-on-404
> retries 3
> option redispatch
> maxconn 2000
> timeout connect 5s
> timeout client 60s
> timeout server 60s
> timeout http-request 10s
> timeout http-keep-alive 2s
> timeout check 10s
> frontend ha-01-apache *:80
> log 127.0.0.1:516 local0 info
> option http-pretend-keepalive
>
> stick-table type ip size 200k expire 10m store gpc0
> acl source_is_abuser src_get_gpc0(http) gt 0
> use_backend error if source_is_abuser
> tcp-request connection track-sc1 src if ! source_is_abuser
>
> acl apache_01 hdr_sub(host) -i example.com
> use_backend webserver if apache_01
> backend webserver
> log 127.0.0.1:516 local0 info
> option http-server-close
>
> stick-table type ip size 200k expire 30s store conn_rate(100s)
> tcp-request content track-sc2 src
> acl conn_rate_abuse sc2_conn_rate gt 5
> acl mark_as_abuser sc1_inc_gpc0 gt 0
> tcp-request content reject if conn_rate_abuse mark_as_abuser
>
> server apache 127.0.0.1:81 check inter 15s rise 2 fall 2
> backend error
> errorfile 503 /etc/haproxy/errorfiles/503.http
>
Received on 2010/09/08 19:17
This archive was generated by hypermail 2.2.0 : 2010/09/08 19:30 CEST