Hello
Chris and I followed this example but found that it limits by url but for
all users. that might be what you want in a slashdotting but its not what
we want for individual users falling asleep with nose on f5(reload) key
we looked at base32+src rather than url but that excludes the url parameters
I've started a separate thread with a new url32+src function.
Neil
On 1 November 2013 18:39, Cyril Bonté <cyril.bo...@free.fr> wrote:
> Hi Przemyslaw,
>
> Le 31/10/2013 12:05, Przemysław Hejman a écrit :> Hello guys, it's me one
> again.
>
> >
> > I just wanted to share my experiences after several very simple
> > acceptance tests. First of all, I've found that the whitelist did not
> > work - I had to change my configuration to something like this:
> >
> > global
> > stats socket /tmp/haproxy.sock
> > defaults
> > mode http
> > timeout connect 5000ms
> > timeout client 50000ms
> > timeout server 50000ms
> > frontend app
> > bind *:8080
> > option http-server-close
> > stick-table type integer size 200k expire 30m store
> http_req_cnt
> > acl white_list src 127.0.0.1 192.168.1.205 192.168.0.133
> > tcp-request content accept if white_list
> > tcp-request content track-sc0 urlp(SID,?)
> > tcp-request content reject if { sc0_http_req_cnt gt 2 }
> > tcp-request inspect-delay 10s
> > default_backend web_servers
> > backend web_servers
> > balance roundrobin
> > server web01 127.0.0.1:80 check inter 1000
> >
> > Therefore, I've decided to do a little test. I've put request sent by
> > curl in a for loop like this
> > for i in `seq 1 400`; do curl
> > "192.168.0.132:8080/index.html?SID=33?asdf"; done
> >
> > Eveything to seem fine HOWEVER I have noticed that several (about 20)
> > requests randomly PASSED.
>
> Sorry, I didn't have time to reply to the configuration you provided last
> time. But it is normal if it didn't work 100% of the times : this is
> because your forgot to add a line that waits for a layer7 information, as
> Willy said.
>
> The important thing was to add :
> tcp-request content reject if !HTTP
>
>
>
> > Pushing the stick-table and tracking/rejecting operations back to
> > backend definition solved my problem.
>
> Indeed, this is another way to wait for HTTP data to be complete, as a
> HTTP frontend will use the backend only once the headers are received.
>
> Thanks for sharing.
>
> --
> Cyril Bonté
>
>
