Mark S. wrote on 03/24/2015 03:36 PM:
Hi Klavs,
Try using this in the backend section for the track-sc2 statement to use
the previous instance of the Forwarded-For header.
I have a version of this working in a similar fashion, but I am using a
"stick-table type binary" instead of string - it probably works both
ways, but I haven't tested type string. I'm using http_req_rate as I'm
concerned about the rate rather than the number of active connections.
stick-table type binary len 32 size 5k expire 5m store http_req_rate(10s),gpc0
tcp-request content track-sc2 hdr(X-Forwarded-For,-1)

Thank you Mark,
It did help.. somewhat.. now first connection is allowed :)
I now have:
stick-table type string size 100k store conn_cur,gpc0
stick store-request hdr(X-Forwarded-For,-1)
tcp-request content track-sc2 hdr(X-Forwarded-For)
acl allowed sc2_conn_cur lt 2
block unless allowed
But everyone gets blocked when one connection is active (i.e. not
just the source of that one connection).
show table shows this:
table: kk.dk-ds-backend, type: string, size:102400, used:2
0x1304dfc: key=10.27.174.10 use=1 exp=0 server_id=1 gpc0=0 conn_cur=1
Shouldn't the key be the X-Forwarded-For header?
[CUT]
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
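
An added illustration, not part of the original thread and not HAProxy code: a small Python model of how an occurrence index picks one X-Forwarded-For value, and how a per-key `conn_cur` limit of 2 behaves when every client maps to the same key. The addresses, the `ConnTable` class and the scenario (two clients behind one shared upstream hop) are constructed assumptions, not a diagnosis of the setup above.

```python
# Added illustration, not HAProxy source. All addresses are constructed.

def xff_values(header_lines):
    """Flatten X-Forwarded-For header lines into one ordered list of values."""
    return [v.strip() for line in header_lines for v in line.split(",") if v.strip()]

def pick_occurrence(header_lines, occ):
    """Model of an occurrence index: 1 = first value, -1 = last value."""
    values = xff_values(header_lines)
    if occ == 0 or abs(occ) > len(values):
        return None
    return values[occ - 1] if occ > 0 else values[occ]

class ConnTable:
    """Toy per-key conn_cur counter standing in for a stick-table."""
    def __init__(self, limit=2):
        self.limit = limit
        self.conn_cur = {}

    def open(self, key):
        # Track first, then evaluate the equivalent of "sc2_conn_cur lt 2".
        self.conn_cur[key] = self.conn_cur.get(key, 0) + 1
        return self.conn_cur[key] < self.limit

# Constructed requests: two different clients whose requests passed through
# the same upstream hop, so both headers end with the same last value.
REQUESTS = [
    ["203.0.113.7, 192.0.2.10"],
    ["198.51.100.23, 192.0.2.10"],
]

def simulate(occ, requests=REQUESTS):
    """Open all requests concurrently; return (key, allowed) per request."""
    table = ConnTable()
    results = []
    for headers in requests:
        key = pick_occurrence(headers, occ)
        results.append((key, table.open(key)))
    return results

if __name__ == "__main__":
    for occ in (-1, 1):
        print(occ, simulate(occ))
```

The first value in the header is supplied by the client and can be forged, so keying on it is only sound where an upstream proxy you control overwrites or sanitizes the header.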