Baptiste, I was hoping that was not the case :-).
My main goal was to make it completely application agnostic, never mind I'll stick with the application cookie version. Thanks very much. On 14 November 2014 15:40, Baptiste <bed...@gmail.com> wrote: > On Fri, Nov 14, 2014 at 1:01 PM, Malcolm Turnbull > <malc...@loadbalancer.org> wrote: >> I was just playing around with the configuration from the excellent >> blog entry on e-commerce overload protection: >> http://blog.haproxy.com/2012/09/19/application-delivery-controller-and-ecommerce-websites/ >> >> If you have a PHPSession or ASPsessionID cookie then you can track the >> total number of users as follows: >> >> listen L7-Test >> bind 192.168.64.27:80 transparent >> mode http >> acl maxcapacity table_cnt ge 5000 >> acl knownuser hdr_sub(cookie) MYCOOK >> http-request deny if maxcapacity !knownuser >> >> stick-table type string len 32 size 10K expire 10m nopurge >> stick store-response set-cookie(MYCOOK) >> stick store-request cookie(MYCOOK) >> >> >> balance leastconn >> cookie SERVERID insert nocache >> server backup 127.0.0.1:9081 backup non-stick >> option http-keep-alive >> option forwardfor >> option redispatch >> option abortonclose >> maxconn 40000 >> server Test1 192.168.64.12:80 weight 100 cookie Test1 >> server Test2 192.168.64.13:80 weight 100 cookie Test2 >> >> But what if you only have a single source IP (so you still want to use >> cookies to track the usage AND stickyness) but the application doesn't >> have its own unique session id? >> >> Can you do something like using gpc0 to store a random haproxy session >> id (for overload) and yet still using cookie SERVERID for the >> persistence? >> Or using a big IP stick table even though all the IPs will be the same? >> >> Or am I just being really stupid today , which is not unusual :-). >> >> Thanks in advance. >> >> >> -- >> Regards, >> >> Malcolm Turnbull. >> >> Loadbalancer.org Ltd. >> Phone: +44 (0)330 1604540 >> http://www.loadbalancer.org/ >> > > Hi Malcolm, > > I don't understand the question about the IP address. > You don't use it at all in your conf, since you're using the cookie, > which is a layer above. > > That said, the case you mentionned is very rare: all users behind a > single IP and no cookie set by the application. > Are you sure there is no X-Forwarded-For headers, or whatever other > you could use to identify a user? > > There is no way for now in HAProxy to generate a random cookie... > well, no "clean" way :) > > Baptiste -- Regards, Malcolm Turnbull. Loadbalancer.org Ltd. Phone: +44 (0)330 1604540 http://www.loadbalancer.org/
