Hi, I am using the latest haproxy with an EC2 elastic load balancer configured to proxy TCP:443 <-> TCP:443 to support HTTP2. PROXY protocol is enabled to get the original IP address.
IP rate limiting is done using the following config:

    frontend fe_http
        bind *:443 accept-proxy ssl crt ... no-sslv3 alpn h2,http/1.1
        stick-table type ip size 256k expire 10s store http_req_rate(10s)
        tcp-request inspect-delay 5s
        # Must use "content" because of PROXY protocol.
        tcp-request content track-sc0 src
        acl check_http_req_rate sc0_http_req_rate ge 256
        tcp-request content reject if check_http_req_rate
        use_backend be_429_slow_down if check_http_req_rate

    backend be_429_slow_down
        errorfile 503 /etc/haproxy/errors/429.http

It works and is helpful until some point when haproxy consumes 100% CPU on 1 of 4 available cores and requests start failing. It can be that I need better/more hardware, but I wonder if there is anything I can improve in my config to lower CPU usage?

Thanks in advance.
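An added example, not part of the original post: a small offline replay that applies the posted limit (256 requests per 10 s, keyed on source IP) to a list of request timestamps, to see which clients the rule would flag and how close the others come. It uses an exact sliding window as a simplified model rather than HAProxy's own counter, and the `replay` and `sample_events` names and the sample traffic are constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10      # http_req_rate(10s) in the posted stick-table
THRESHOLD = 256    # "sc0_http_req_rate ge 256" in the posted acl


def replay(events, window=WINDOW_S, threshold=THRESHOLD):
    """Replay (timestamp, src_ip) pairs and return {ip: (flagged, peak)}.

    Model assumption: a request is counted first and then tested, so the
    request that brings the window count to `threshold` is the first flagged.
    """
    recent = defaultdict(deque)            # ip -> timestamps still in the window
    stats = defaultdict(lambda: [0, 0])    # ip -> [flagged, peak]
    for ts, ip in sorted(events):
        q = recent[ip]
        q.append(ts)
        # Drop requests that have aged out of the sliding window.
        while q[0] <= ts - window:
            q.popleft()
        st = stats[ip]
        st[1] = max(st[1], len(q))
        if len(q) >= threshold:
            st[0] += 1
    return {ip: tuple(v) for ip, v in stats.items()}


def sample_events():
    """Constructed sample traffic (RFC 5737 documentation addresses)."""
    events = [(i * 0.01, "203.0.113.7") for i in range(400)]    # 100 req/s for 4 s
    events += [(i * 0.5, "198.51.100.20") for i in range(60)]   # 2 req/s for 30 s
    return events


if __name__ == "__main__":
    for ip, (flagged, peak) in sorted(replay(sample_events()).items()):
        print(f"{ip:15} peak={peak:4d}/{WINDOW_S}s flagged={flagged}")
```

Feeding it timestamps and client addresses taken from real access logs shows how many legitimate clients sit near the threshold before the limit is tightened or relaxed.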