Greetings,
On 08/30/2016 01:10 PM, Samrat Roy wrote:
Thank you sir for your quick reply.
I am now able to give custom error code for my HAproxy configuration.
However I am facing one more issue .
With the above approach HAproxy is rejecting each and every calls once
the limit has crossed. It is behaving as a circuit breaker . But my
requirement is to have a throttling for example every 10 second I
should allow 200 request and anything more than 200 will be rejected.
There are two ways I can think to interpret your question:
1) You want to have a tick every 10 seconds which resets the counter to zero
2) You want to not count requests over the limit (which get blocked) to
count to the blocking
For 1 you would need a script to talk to the socket, and I'd not advise
doing that unless you know what you are doing and why there is no
cleaner alternative.
For 2 I'd add gpc0,gpc0_rate(10s) to the stick table in place of
conn_rate, then use something like the following:
http-request allow if { sc_inc_gpc0(0) }
After the use_backend statement. Then instead of checking conn_rate
check sc_gpc0_rate(0) per
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.3-sc_gpc0_rate.
Because in that case gpc0 will only be incremented if the request
doesn't end up at the custom backend/blocked/etc that should fill your
needs there.
Thanks,
- Chad
Is there any way I can achieve this .Please help me to configure the same.
Thanks in advance
Samrat
On Fri, Aug 26, 2016 at 10:16 PM, Chad Lavoie <clav...@haproxy.com
<mailto:clav...@haproxy.com>> wrote:
Greetings,
On 08/26/2016 09:14 AM, Samrat Roy wrote:
Hello Sir,
down votefavorite
<http://stackoverflow.com/questions/39166887/haproxy-limiting-the-connection-rate-per-user#>
I am trying to achieve rate limiting using HAProxy. I am trying
to follow the "Limiting the connection rate per user" approach. I
am able to achieve this by the below configuration. But facing
one problem, that is, i am not able to send a custom error code
once the rate limit is reached. For example if i reached the rate
limit i want to send HTTP error code 429. In this case the proxy
is simply rejecting the incoming call and users are getting http
status code as 0.
"tcp-request connection reject" rejects the connection, so there
is no status code in this case. If you want to send a 403 replace
it with "http-request deny if ..." instead.
If you want to respond with HTTP 429 make a backend with no
backend servers (so that all requests will get a 503) and set a
custom 503 error page, editing the headers at the top of the file
so that the response code is 429 (or whatever other
code/message/etc you desire).
- Chad
Please let me know how can i do this
frontend localnodes
|bind *:80 mode http default_backend nodes stick-table type ip
size 100k expire 30s store conn_rate(5s) tcp-request connection
reject if { src_conn_rate ge 60 } tcp-request connection
track-sc1 src |
backend nodes
|cookie MYSRV insert indirect nocache server srv1 <Server IP>:80
check cookie srv1 maxconn 500 |
Thanks
Samrat
