Thanks, I sent a request previously to you but I have done it. Ha.

----- Original Message -----
From: "Klavs Klavsen" <k...@vsen.dk>
To: "Mark S." <mark.staudin...@nyi.net>, haproxy@formilux.org
Sent: Tuesday, March 24, 2015 10:56:03 AM
Subject: Re: limiting conn-curs per-ip using x-forwarded-for

Mark S. wrote on 03/24/2015 03:36 PM:
> Hi Klavs,
>
> Try using this in the backend section for the track-sc2 statement to use
> the previous instance of the Forwarded-For header.
>
> I have a version of this working in a similar fashion, but I am using a
> "stick-table type binary" instead of string - it probably works both
> ways, but I haven't tested type string. I'm using http_req_rate as I'm
> concerned about the rate rather than the number of active connections.
>
> stick-table type binary len 32 size 5k expire 5m store
> http_req_rate(10s),gpc0
> tcp-request content track-sc2 hdr(X-Forwarded-For,-1)
>

Thank you Mark,

It did help.. somewhat.. now first connection is allowed :)

I now have:

stick-table type string size 100k store conn_cur,gpc0
stick store-request hdr(X-Forwarded-For,-1)
tcp-request content track-sc2 hdr(X-Forwarded-For)
acl allowed sc2_conn_cur lt 2
block unless allowed

But everyone gets blocked - when one connection is active.. (ie. not
just the source of that one connection).

show table shows this:

table: kk.dk-ds-backend, type: string, size:102400, used:2
0x1304dfc: key=10.27.174.10 use=1 exp=0 server_id=1 gpc0=0 conn_cur=1

shouldn't the key - be the x-forwarded-for header?

[CUT]

--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200

"Those who do not understand Unix are condemned to reinvent it, poorly."
  --Henry Spencer
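
An added example, not part of the thread and not HAProxy code: a small Python model of a per-key conn_cur limit, showing how the tracking key decides who is blocked, and why the last X-Forwarded-For value (the one appended by the nearest proxy) is the one to key on rather than a client-supplied earlier value. The StickTable class, the helper names, the sample addresses and the count-then-test ordering are assumptions made for illustration; it does not diagnose the configuration posted above.

```python
from collections import defaultdict

def last_xff(header_lines):
    """Model hdr(X-Forwarded-For,-1): commas delimit values, -1 is the last one."""
    values = [v.strip() for line in header_lines for v in line.split(",")]
    values = [v for v in values if v]
    return values[-1] if values else None

class StickTable:
    """Toy per-key conn_cur store (an illustration, not HAProxy code)."""
    def __init__(self, limit=2):
        self.limit = limit
        self.conn_cur = defaultdict(int)

    def open(self, key):
        # Assumption: the connection is counted first, then "conn_cur lt limit" is tested.
        self.conn_cur[key] += 1
        allowed = self.conn_cur[key] < self.limit
        if not allowed:
            self.conn_cur[key] -= 1  # rejected connection is closed again
        return allowed

def simulate(requests, key_fn, limit=2):
    """Open every request concurrently; return {label: allowed}."""
    table = StickTable(limit)
    return {label: table.open(key_fn(xff, peer)) for label, xff, peer in requests}

# Constructed sample traffic: (label, X-Forwarded-For header lines, TCP peer address).
# All clients arrive through one front proxy at 192.0.2.10 (documentation address).
REQUESTS = [
    ("client_a", ["198.51.100.7"], "192.0.2.10"),
    ("client_b", ["198.51.100.8"], "192.0.2.10"),
    # client_c sent its own forged X-Forwarded-For; the proxy appended the real address.
    ("client_c", ["203.0.113.99, 198.51.100.9"], "192.0.2.10"),
    ("client_a_second", ["198.51.100.7"], "192.0.2.10"),
]

def by_last_xff(xff, peer):
    return last_xff(xff)

def by_shared_peer(xff, peer):
    return peer

if __name__ == "__main__":
    print("keyed on last XFF value:", simulate(REQUESTS, by_last_xff))
    print("keyed on shared address:", simulate(REQUESTS, by_shared_peer))
```

When every request maps to the same key, one active connection exhausts the limit for all clients; keyed on the last header value, only the second concurrent connection from the same client is refused.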