Thanks all. Hope we will see 1.6-dev1 soon :D Bests, -Igor
On Wed, Apr 18, 2012 at 1:40 PM, Willy Tarreau <w...@1wt.eu> wrote: > On Wed, Apr 18, 2012 at 05:39:24AM +0200, Baptiste wrote: > > Hi,, > > > > 1. not doable at this time with HAProxy > > And I don't even know if there is any plans to do it soon. > > It's planned for 1.6, let's hope one day we finish 1.5 first :-) > > > 2. easily doable through the stick table with the counter conn_cur. > > Some examples are provided here > > > http://blog.exceliance.fr/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/ > > Note that limiting number of connection to 3 is too low for regular > > browser, it may be enough for webservices. > > Warning, Igor asked for limiting source addresses to 3 max. The table_cnt > ACL > is usable to report the number of entries in a table (eg: the number of > source > IP addresses). It's just needed to make the table expire immediately so > that > these addresses are not kept when the connection closes. A timeout of 1ms > should do the trick I think. > > Willy > >