On Wed, May 27, 2015 at 3:42 PM, Roland RoLaNd <r_o_l_a_...@hotmail.com> wrote:
> managed to successfully reject access from specific users depending on
> condition; but what i eventually want is to provide them with a certain page
> instead of reject (redirect isn't an option)
>
>
> backend phoenix
> stick-table type string len 40 size 5M expire 2m store conn_rate(60s)
> tcp-request inspect-delay 10s
> stick on url_param(sid) table phoenix
> tcp-request content track-sc0 url_param(sid)
> errorfile 200 /etc/haproxy/custom_response/phoenix.http if { sc0_conn_rate
> gt 10 }
>
>
> checking socket; the conn rate is above 10:
> 0x8581a0: key=10000000000testing000001 use=0 exp=119272 server_id=1
> conn_rate(60000)=90
>
>
> i think the problem is that condition should be set in frontend config in
> a way that points to the "phoenix" table instead of the default frontend
> table...
>
> any advice?
Hi Roland,
You can use the stick table gpc0 as a flag and query it from the
frontend for the next coming request.
If greater than 0, route the user to a specific backend where you can
deliver pages.
Some examples here:
http://blog.haproxy.com/2012/02/27/use-a-load-balancer-as-a-first-row-of-defense-against-ddos/
Baptiste
