Thanks, I sent request previously to you but I have done it. Ha. ----- Original Message -----
From: "Jarno Huuskonen" <jarno.huusko...@uef.fi> To: "Klavs Klavsen" <k...@vsen.dk> Cc: haproxy@formilux.org Sent: Tuesday, March 24, 2015 12:58:21 PM Subject: Re: limiting conn-curs per-ip using x-forwarded-for Hi, On Tue, Mar 24, Klavs Klavsen wrote: > I now have: > stick-table type string size 100k store conn_cur,gpc0 > stick store-request hdr(X-Forwarded-For,-1) > tcp-request content track-sc2 hdr(X-Forwarded-For) > acl allowed sc2_conn_cur lt 2 > block unless allowed tcp-request inspect-delay ? Most of the examples seem to use inspect-delay: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4.2-tcp-request%20content > shouldn't the key - be the x-forwarded-for header? Have you checked that the requests have (one) x-forwarded-for header ? hdr(X-Forwarded-For) = first header, and hdr(X-Forwarded-For,-1) = last header. (http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hdr) And is the haproxy ip the only one thats in the stick table ? -Jarno -- Jarno Huuskonen