Willy, Thierry, and all: My employer uses an external service provider that requires that we do not over use their services. So, I need to use HAProxy to help throttle/limit the max number of user connections per day (i.e. 2000 JSP page views/day for all internal users at my employer) from inside my employer’s network out to the service provider’s specific destination URL RegExs. This seems to be the reverse of how HAProxy is normaly setup to protect a company’s services from abusive outside connections!
So we are considering setting up one or two HAProxy servers in the following way: Any user in user in my employer’s network |=> our DNS [setup pointer entries in DNS for the following to all point to related virtual hosts on HAProxy: some.service1.provider.com <http://actweb.acttax.com/> some.service2.provider.com <http://actweb.acttax.com/> some.service3.provider.com <http://actweb.acttax.com/> |=> our *HAProxy server*(s) [*that throttle connection rate to given URL RegExs*] |=> Our backend *Apache httpd server*(s) [*that has virtual hosts **which redirects to real IPs of some.service*.**provider.com <http://provider.com/>*] |=> Our corporate FireWall [*will only allow connections to real IP addresses of* *some.service*.**provider.com <http://provider.com/>**from our HAProxy server(s)*] I do have a Linux Sys Admin resource offshore that has setup HAProxy at other companies using its “out-of-the-box” configuration options. However; we both are not sure whether HAProxy server’s “out-of-the-box” configuration options will support our requirements for throttling/limiting all outgoing connections to our external service provider’s destination URL RegExs for their JSP page views (i.e. 2000 JSP page views/day for all internal users at my employer): Example destination URL RegExes: “https://some.service1.provider.com <http://actweb.acttax.com/>/*/*.jsp*” “https://some.service2.provider.com <http://actweb.acttax.com/>/*/*.jsp*” “https://some.service3.provider.com <http://actweb.acttax.com/>/*/*.jsp*” The documentation for HAProxy 1.6 configuration seems like it can easily track the counts and rates of successful connections from individual user (i.e. source) IP addresses to specified destination URL RegExes; however, I don’t see how HAProxy server can be configured to track the successful connections from ALL internal users inside my employer’s network out to the destination URL RegExs! So, Is there a way of tracking all of these successful connections to the specified destination URL RegExs in some sort of HAProxy global value table? And, can each of those global counters be automatically and safely: · Used in an ACL/condition that prevents new connections from being made to the specified URL RegEx if it exceeds some count threshold? · incremented when any user makes a successful connection to a specific URL RegEx? · reset to zero at midnight (either in some sort of HAProxy configuration expression OR using some external cron job and shell script)? If the above requirements cannot be easily be implemented with HAProxy’s “out-of-the-box” configuration options, can these requirements be implemented using Lua-based extentions for HAProxy? If these requirements can easily be done with Lua-based extensions, how do you recommend that we implement it? Thanks for any help! John Pingel Email: jake.pin...@gmail.com