Hi,

On Fri, May 11, Mihir Shirali wrote:
> I did look up some examples for setting 503 - but all of them (as you've
> indicated) seem based on src ip or src header. I'm guessing this is more
> suitable for a DOS/DDOS attack? In our deployment, the likelihood of
> getting one request from multiple clients is more than multiple requests
> from a single client.

Can you explain how/when (on what condition) you'd like to limit the number
of requests and have haproxy return 503 status to clients (429 seems a more
appropriate status code for this)?

If you just want haproxy to return 503 for all new requests when there are
X number of sessions/connections/session rate, then take a look at
fe_conn, fe_req_rate, fe_sess_rate, be_conn and be_sess_rate
(https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.2-fe_conn),
so for example something like:

    http-request deny deny_status 503 if { fe_req_rate gt 50 }

> As an update the rate-limit directive has helped. However, the only problem
> is that the client does not know that the server is busy and *could* time
> out. It would be great if it were possible to somehow send a 503 out, so
> the clients could retry after a random time.

-Jarno

--
Jarno Huuskonen
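
The two approaches discussed in this thread, side by side in one frontend, as an added example that is not part of the original message. The names fe_main and be_app, the bind port, the server address, the timeouts and the fe_conn threshold of 1000 are assumptions; the threshold of 50 is the one from the reply above.

```haproxy
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :80

    # Approach 1 (the "rate-limit directive" from the quoted message):
    # above the limit haproxy stops accepting new connections and the
    # excess waits in the kernel listen backlog. The client gets no
    # response at all and may time out, which is the problem described.
    # rate-limit sessions 50

    # Approach 2 (from the reply): accept the connection and answer
    # explicitly, so the client knows the server is busy and can retry.
    # fe_req_rate and fe_conn are counters for the whole frontend, so
    # the limit applies regardless of source IP or request headers.
    acl fe_busy fe_req_rate gt 50      # HTTP requests/s on this frontend
    acl fe_full fe_conn gt 1000        # concurrent frontend connections
    http-request deny deny_status 503 if fe_busy or fe_full

    # Same rule with the status code the reply suggests as more fitting:
    # http-request deny deny_status 429 if fe_busy or fe_full

    default_backend be_app

backend be_app
    server app1 127.0.0.1:8080 maxconn 100
```

Running `haproxy -c -f <file>` checks the configuration for syntax errors before it is loaded.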

