Hello Sikander,

Sorry for this late reply.

On 08/16/2017 01:24 PM, Sikander Dhaliwal wrote:
Dear Support,

We are using HA-Proxy version 1.8-dev1-7b67726 on four servers. To
handle the DDOS attacks, we have configured sticky-table rules.

The issue is, the same configuration is working on 3 servers but not on
one server. All the server packages, haproxy version and configuration
file are the same. But one server is showing 1/3rd of the requests in the sticky table.
Consequently, it is not blocking any of the IPs.

However, the rest of the servers are showing the correct count in the sticky table
corresponding to the number of requests made and blocking the IPs as
well when they reach the defined limit.


Could you please guide us on how we can eradicate the issue? Which packages
does haproxy use to count the http_req_rate?

Well, if there is a bug, it is not easy to know how to fix it as at this time we are not able to reproduce it.

When you are facing such a problem, would you mind issuing this command on the CLI to get more information about the current peer session states for each haproxy process, please:

  show sess all

If this command output is too big, I would be interested in the peer session information, which looks like the following:

0x9a905e8: [30/Aug/2017:16:07:39.284581] id=0 proto=tcpv4
  flags=0x6, conn_retries=0, srv_conn=(nil), pend_pos=(nil)
  frontend=hostA (id=4294967295 mode=tcp), listener=? (id=0)
  backend=<NONE> (id=-1 mode=-) addr=127.0.0.1:59320
  server=<NONE> (id=-1) addr=127.0.0.100:8030
  task=0x9a90590 (state=0x08 nice=0 calls=2 exp=4s age=?)
si[0]=0x9a90740 (state=EST flags=0x4048 endp0=APPCTX:0x9a907f0 exp=<NEVER>, et=0x000) si[1]=0x9a9075c (state=EST flags=0x58 endp1=CONN:0x9a903f0 exp=<NEVER>, et=0x000)

  app0=0x9a907f0 st0=7 st1=0 st2=0 *applet=<PEER>*

  co1=0x9a903f0 ctrl=tcpv4 xprt=RAW data=STRM target=PROXY:0x9a52750
      flags=0x00203306 fd=1 fd.state=25 fd.cache=0 updt=0
  req=0x9a905f4 (f=0x848000 an=0x0 pipe=0 tofwd=-1 total=31)
      an_exp=<NEVER> rex=4s wex=<NEVER>
      buf=0x8187fc0 data=0x8187fd0 o=0 p=0 req.next=0 i=0 size=0
  res=0x9a90628 (f=0x80408202 an=0x0 pipe=0 tofwd=-1 total=4)
      an_exp=<NEVER> rex=<NEVER> wex=<NEVER>
      buf=0x9a5fc08 data=0x9a5fc18 o=0 p=0 rsp.next=0 i=0 size=16384

Note the line beginning with "app0=..." and ending with "applet=<PEER>". This is how you can distinguish the TCP peer sessions from the others.


Regards.
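
An added example, not part of the original message and not HAProxy code: a Python filter that keeps only the peer sessions from saved `show sess all` output, using the `applet=<PEER>` marker described in the message. The sample dump is constructed after the session shown above, and the function and field names are assumptions of this example.

```python
import re

# Constructed sample shaped like `show sess all` output (values shortened):
# one peer session (applet=<PEER>) followed by one ordinary HTTP session.
SAMPLE = """\
0x9a905e8: [30/Aug/2017:16:07:39.284581] id=0 proto=tcpv4
  frontend=hostA (id=4294967295 mode=tcp), listener=? (id=0)
  server=<NONE> (id=-1) addr=127.0.0.100:8030
  si[0]=0x9a90740 (state=EST flags=0x4048) si[1]=0x9a9075c (state=EST flags=0x58)
  app0=0x9a907f0 st0=7 st1=0 st2=0 applet=<PEER>
0x9a91000: [30/Aug/2017:16:07:40.000001] id=1 proto=tcpv4
  frontend=www (id=2 mode=http), listener=? (id=1)
  server=web1 (id=1) addr=192.0.2.10:80
  si[0]=0x9a91100 (state=EST flags=0x08) si[1]=0x9a91300 (state=CON flags=0x10)
"""

HEADER = re.compile(r"^(0x[0-9a-f]+): \[")   # first line of every session
PEER = re.compile(r"^\s*app0=\S+ st0=(\d+).*applet=<PEER>", re.M)
SI = re.compile(r"si\[(\d)\]=\S+ \(state=(\w+)")


def split_sessions(text):
    """Group the dump into per-session blocks, one per '0x<ptr>: [' header."""
    blocks = []
    for line in text.splitlines():
        if HEADER.match(line):
            blocks.append([line])
        elif blocks and line.strip():
            blocks[-1].append(line)   # lines before any header are ignored
    return ["\n".join(b) for b in blocks]


def peer_sessions(text):
    """Summarise each session whose app0 line carries applet=<PEER>."""
    found = []
    for block in split_sessions(text):
        peer = PEER.search(block)
        if not peer:
            continue
        fe = re.search(r"^\s*frontend=(\S+)", block, re.M)
        srv = re.search(r"^\s*server=\S+ .*addr=(\S+)", block, re.M)
        found.append({
            "ptr": HEADER.match(block).group(1),
            "frontend": fe.group(1) if fe else None,
            "server_addr": srv.group(1) if srv else None,
            "st0": int(peer.group(1)),
            "si_states": [state for _, state in SI.findall(block)],
        })
    return found


if __name__ == "__main__":
    for sess in peer_sessions(SAMPLE):
        print(sess)
```

Running it over the dump from each of the four servers gives a short per-peer summary that can be compared side by side instead of the full session list.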
