Willy, Thierry, and all:

My employer uses an external service provider that requires that we do not
overuse their services. So, I need to use HAProxy to help
throttle/limit the max number of user connections per day (i.e. 2000 JSP
page views/day for all internal users at my employer) from inside my
employer’s network out to the service provider’s specific destination URL
RegExs. This seems to be the reverse of how HAProxy is normally set up to
protect a company’s services from abusive outside connections!

So we are considering setting up one or two HAProxy servers in the
following way:

Any user in my employer’s network
    |=>
our DNS [set up pointer entries in DNS for the following to all point to
related virtual hosts on HAProxy:
        some.service1.provider.com
        some.service2.provider.com
        some.service3.provider.com]
    |=>
our HAProxy server(s) [that throttle connection rate to given URL RegExs]
    |=>
our backend Apache httpd server(s) [that have virtual hosts which redirect
to real IPs of some.service*.provider.com]
    |=>
our corporate FireWall [will only allow connections to real IP addresses of
some.service*.provider.com from our HAProxy server(s)]

I do have a Linux Sys Admin resource offshore who has set up HAProxy at
other companies using its “out-of-the-box” configuration options. However,
we both are not sure whether HAProxy server’s “out-of-the-box”
configuration options will support our requirements for throttling/limiting
all outgoing connections to our external service provider’s destination URL
RegExs for their JSP page views (i.e. 2000 JSP page views/day for all
internal users at my employer):

Example destination URL RegExes:

“https://some.service1.provider.com/*/*.jsp*”

“https://some.service2.provider.com/*/*.jsp*”

“https://some.service3.provider.com/*/*.jsp*”

The documentation for HAProxy 1.6 configuration seems like it can easily
track the counts and rates of successful connections from individual user
(i.e. source) IP addresses to specified destination URL RegExes; however, I
don’t see how HAProxy server can be configured to track the successful
connections from ALL internal users inside my employer’s network out to the
destination URL RegExs!

So, is there a way of tracking all of these successful connections to the
specified destination URL RegExs in some sort of HAProxy global value
table?  And, can each of those global counters be automatically and safely:

· Used in an ACL/condition that prevents new connections from being
  made to the specified URL RegEx if it exceeds some count threshold?

· Incremented when any user makes a successful connection to a
  specific URL RegEx?

· Reset to zero at midnight (either in some sort of HAProxy
  configuration expression OR using some external cron job and shell script)?

If the above requirements cannot easily be implemented with HAProxy’s
“out-of-the-box” configuration options, can these requirements be
implemented using Lua-based extensions for HAProxy?  If these requirements
can easily be done with Lua-based extensions, how do you recommend that we
implement it?

Thanks for any help!
John Pingel
Email: jake.pin...@gmail.com
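
The requirement described in the message above, sketched as an HAProxy configuration. This is an added example, not part of the original message and not a reply from the HAProxy authors. The names jsp_daily, outbound_http and apache_out, the socket path and the backend address are assumptions, and it assumes HAProxy sees the requests as clear-text HTTP so that the path is visible.

```haproxy
# Added example: one shared daily counter per provider hostname.
# All names, paths and addresses below are constructed for illustration.

global
    # Admin socket used by the nightly reset (see the cron line at the end)
    stats socket /var/run/haproxy.sock mode 600 level admin

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend outbound_http
    bind :80

    # Only JSP page views count against the quota
    acl is_jsp path_end -i .jsp

    # Track on the Host header instead of the source address, so every
    # internal client hitting the same provider hostname shares one entry
    http-request track-sc0 req.hdr(host),lower table jsp_daily if is_jsp

    # Refuse further JSP requests once the shared counter passes 2000.
    # http_req_cnt counts every tracked request, including refused ones.
    acl over_quota sc0_http_req_cnt gt 2000
    http-request deny if is_jsp over_quota

    default_backend apache_out

# Backend that exists only to hold the counter table
backend jsp_daily
    stick-table type string len 64 size 100 expire 25h store http_req_cnt

backend apache_out
    server apache1 192.0.2.10:80 check

# Midnight reset from cron on the HAProxy host (not HAProxy syntax):
#   0 0 * * * echo "clear table jsp_daily" | socat stdio /var/run/haproxy.sock
```

With two HAProxy servers, each instance keeps its own table and therefore its own count unless the table contents are shared between them.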
