Hello Sikander,
Sorry for this late reply.
On 08/16/2017 01:24 PM, Sikander Dhaliwal wrote:
Dear Support,
We are using HA-Proxy version 1.8-dev1-7b67726 on four servers. To
handle the DDOS attacks, we have configured sticky-table rules.
The issue is, the same configuration is working on 3 servers but not on
one server. All the server packages,haproxy version and configuration
file is same. But one server is showing 1/3rd requests in sticky table.
Consequently, it is not blocking any of the IPs.
However, rest of the servers showing correct count in sticky table
corresponding to the number of requests made and blocking the IPs as
well when they reach defined limit.
Could you please guide how we can eradicate the issue? Which packages
haproxy use to count the http_req_rate?
Well, if there is a bug, it is not easy to know how to fix it as at this
time we are not able to reproduce it.
When you are facing such a problem, would you mind issuing this command
on the CLI to have more information about the current peer session
states for each haproxy processes please:
show sess all
If this command output is too big, I would be interested by the peer
sessions information which look like this following one:
0x9a905e8: [30/Aug/2017:16:07:39.284581] id=0 proto=tcpv4
flags=0x6, conn_retries=0, srv_conn=(nil), pend_pos=(nil)
frontend=hostA (id=4294967295 mode=tcp), listener=? (id=0)
backend=<NONE> (id=-1 mode=-) addr=127.0.0.1:59320
server=<NONE> (id=-1) addr=127.0.0.100:8030
task=0x9a90590 (state=0x08 nice=0 calls=2 exp=4s age=?)
si[0]=0x9a90740 (state=EST flags=0x4048 endp0=APPCTX:0x9a907f0
exp=<NEVER>, et=0x000)
si[1]=0x9a9075c (state=EST flags=0x58 endp1=CONN:0x9a903f0
exp=<NEVER>, et=0x000)
app0=0x9a907f0 st0=7 st1=0 st2=0 *applet=<PEER>*
co1=0x9a903f0 ctrl=tcpv4 xprt=RAW data=STRM target=PROXY:0x9a52750
flags=0x00203306 fd=1 fd.state=25 fd.cache=0 updt=0
req=0x9a905f4 (f=0x848000 an=0x0 pipe=0 tofwd=-1 total=31)
an_exp=<NEVER> rex=4s wex=<NEVER>
buf=0x8187fc0 data=0x8187fd0 o=0 p=0 req.next=0 i=0 size=0
res=0x9a90628 (f=0x80408202 an=0x0 pipe=0 tofwd=-1 total=4)
an_exp=<NEVER> rex=<NEVER> wex=<NEVER>
buf=0x9a5fc08 data=0x9a5fc18 o=0 p=0 rsp.next=0 i=0 size=16384
Note the line beginning by "app0=..." and terminated by "applet=<PEER>".
This is how you can distinguish the TCP peer sessions among others.
Regards.