On Wed, Apr 18, 2012 at 05:39:24AM +0200, Baptiste wrote:
> Hi,
>
> 1. not doable at this time with HAProxy
> And I don't even know if there are any plans to do it soon.

It's planned for 1.6, let's hope one day we finish 1.5 first :-)

> 2. easily doable through the stick table with the counter conn_cur.
> Some examples are provided here
> http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
> Note that limiting the number of connections to 3 is too low for regular
> browsers, it may be enough for webservices.

Warning, Igor asked for limiting source addresses to 3 max. The table_cnt ACL is usable to report the number of entries in a table (e.g. the number of source IP addresses). It's just needed to make the table expire immediately so that these addresses are not kept when the connection closes. A timeout of 1ms should do the trick I think.

Willy
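
A configuration along the lines suggested above, added here as an example and not taken from the thread: it caps the number of distinct source addresses with open connections at 3 using table_cnt and a 1ms table expiry. The proxy names, port, server address and table size are assumptions, as is the behaviour that an entry stays in the table while a connection tracks it and is dropped about 1ms after the last one closes.

```haproxy
# Added example, not from the thread. Names, port, server address and
# table size are assumed values.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend ft_web
    bind :80

    # One entry per source address. expire 1ms so that an address is not
    # kept in the table once its last connection has closed.
    stick-table type ip size 100k expire 1ms store conn_cur

    # Refuse a source that has no entry yet when 3 distinct sources are
    # already present. This rule comes before the tracking rule, which
    # would otherwise create the entry for the 4th source.
    tcp-request connection reject if { table_cnt ge 3 } !{ src_conn_cur gt 0 }

    # Track the source address: creates the entry and counts the
    # connection in conn_cur for as long as it stays open.
    tcp-request connection track-sc1 src

    default_backend bk_web

backend bk_web
    server app1 192.0.2.10:80   # documentation address (assumed)
```

`haproxy -c -f <file>` checks the syntax; the limit itself is best confirmed by opening connections from four different source addresses and watching the table with `show table ft_web` on the stats socket.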