Okay, think I found it: - acl source_is_abuser src_get_gpc0(http) gt 0 + acl source_is_abuser sc1_get_gpc0(http) gt 0
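Review bot: The `(http)` table argument on the changed `acl source_is_abuser` line is carried over unchanged, but the quoted config declares stick-tables only in `frontend ha-01-apache` and `backend webserver` and shows no section named `http`. Since `track-sc1 src` is written without a table name and so tracks against the frontend's own stick-table, it is worth confirming whether the argument is needed on `sc1_get_gpc0` at all, or naming the intended section explicitly. Also note that `tcp-request connection track-sc1 src if ! source_is_abuser` now conditions the tracking on the same sc1 counter it sets up, so check that a source already flagged in gpc0 is still routed to `backend error` on its next connection.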
On 8 September 2010 17:56, Matt <mattmora...@gmail.com> wrote:
> Hi guys,
>
> I'm trying out the rate limit feature in 1.5-dev2.  My config is
> below.  It appears to work in the sense that after the limit the
> connection is dropped, but I actually want the connection to go to the
> error backend, rather than the webserver backend and get dropped.  I'm
> guessing my logic in the frontend config is wrong rather than it being
> a bug.
>
> Thanks,
>
> Matt
>
> defaults
>     mode http
>     option httplog
>     option log-separate-errors
>     option httpchk HEAD /available HTTP/1.0
>     monitor-uri /haproxy_test
>     option allbackups
>     http-check disable-on-404
>     retries 3
>     option redispatch
>     maxconn 2000
>     timeout connect 5s
>     timeout client 60s
>     timeout server 60s
>     timeout http-request 10s
>     timeout http-keep-alive 2s
>     timeout check 10s
> frontend ha-01-apache *:80
>     log 127.0.0.1:516 local0 info
>     option http-pretend-keepalive
>
>     stick-table type ip size 200k expire 10m store gpc0
>     acl source_is_abuser src_get_gpc0(http) gt 0
>     use_backend error if source_is_abuser
>     tcp-request connection track-sc1 src if ! source_is_abuser
>
>     acl apache_01 hdr_sub(host) -i example.com
>     use_backend webserver if apache_01
> backend webserver
>     log 127.0.0.1:516 local0 info
>     option http-server-close
>
>     stick-table type ip size 200k expire 30s store conn_rate(100s)
>     tcp-request content track-sc2 src
>     acl conn_rate_abuse sc2_conn_rate gt 5
>     acl mark_as_abuser sc1_inc_gpc0 gt 0
>     tcp-request content reject if conn_rate_abuse mark_as_abuser
>
>     server apache 127.0.0.1:81 check inter 15s rise 2 fall 2
> backend error
>     errorfile 503 /etc/haproxy/errorfiles/503.http