Hi, I have no words to thank you.
I hope to show a example config (relevant lines) for example below. stick mysrcandpathcombo stick-table type binary 8 size 10m expire 3m store gpc0_rate stick on base32+src I still don't understand what to use in a acl. Regards, ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Long Wu Yuan 龙 武 缘 Sr. Linux Engineer 高级工程师 ChinaNetCloud 云络网络科技(上海)有限公司 | www.ChinaNetCloud.com1238 Xietu Lu, X2 Space 1-601, Shanghai, China | 中国上海市徐汇区斜土路1238号X2空 间1-601室 24x7 Support Hotline: +86-400-618-0024 | Office Tel: +86-(21)-6422-1946 We are hiring! http://careers.chinanetcloud.com | Customer Portal - https://customer-portal.service.chinanetcloud.com/ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ On Thu, Jan 15, 2015 at 9:01 PM, Willy Tarreau <w...@1wt.eu> wrote: > Hi Yuan, > > On Wed, Jan 14, 2015 at 08:00:36PM +0800, Yuan Long wrote: > > Hi Willy, > > > > You answered a question, in record time, a short while ago, for a > > colleague, related to the MSIE encoding workaround "option > > accept-invalid-http-request". > > No pb. Next time you'd better post the question on the mailing list, > because it's much more responsive. You were lucky that I saw the e-mail > in fact, I miss most of them. > > > Inspired me to sort out a question, badly need confirmation on. I posted > to > > mailing list last week as well. > > OK. > > > Can we rate-limit by checking both the src-ipaddress & the path-requested > > at the same time. > > Yes you can. It's a bit tricky but there are two methods. The first one > consists in using the "base32+src" fetch. This one hashes the URL to a > 32-bit value, then concatenates the IP address to form a 64-bit value > that can be sticked on. It's quite efficient and due to the very low > collision rate, it's enough to consider that it corresponds to src+path. > The downside is that when dumping the table's entries from the CLI, you > cannot tell what URL corresponds to the key you're seeing. > > The second method consists in building a new header from the concatenation > of the src and the path, then track this header. It requires version 1.6 or > the commercial version HAPEE which includes this backport. It allows you > to keep a string in memory which is more handy to see the related URLs. > The downside is that it consumes much more memory since you store a > complete > string and not just 32-bit. > > So for a rate limiting (eg: against attacks), I'd still recommend using > only base32+src. It was made exactly for this and is efficient enough. > > Hoping this helps, > Willy > >