Thanks Jamo! This is just what we were looking for!
On Tue, May 15, 2018 at 10:17 PM, Jarno Huuskonen <[email protected]> wrote:

> Hi,
>
> On Fri, May 11, Mihir Shirali wrote:
> > I did look up some examples for setting 503 - but all of them (as you've
> > indicated) seem based on src ip or src header. I'm guessing this is more
> > suitable for a DOS/DDOS attack? In our deployment, the likelihood of
> > getting one request from multiple clients is more than multiple requests
> > from a single client.
>
> Can you explain how/when (on what condition) you'd like to limit the number
> of requests and haproxy return 503 status to clients (429 seems more
> appropriate status code for this)?
>
> If you just want haproxy to return 503 for all new requests when
> there're X number of sessions/connections/session rate then
> take a look at fe_conn, fe_req_rate, fe_sess_rate, be_conn and
> be_sess_rate
> (https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.3.2-fe_conn)
> so for example something like
> http-request deny deny_status 503 if { fe_req_rate gt 50 }
>
> > As an update the rate-limit directive has helped. However, the only problem
> > is that the client does not know that the server is busy and *could* time
> > out. It would be great if it were possible to somehow send a 503 out, so
> > the clients could retry after a random time.
>
> -Jarno
>
> --
> Jarno Huuskonen

--
Regards,
Mihir
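The approach suggested in the thread, written out as a minimal HAProxy 1.8 configuration. This is an added example, not part of the original messages; the names `fe_api` and `be_app`, the addresses, and every threshold other than the `50` from the thread are assumptions.

```haproxy
# Added example: section names, ports, addresses and limits are assumptions.
global
    maxconn 4096

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_api
    bind :8080

    # Silent throttling: above 50 new sessions/s haproxy stops accepting and
    # further connections wait in the kernel backlog. Clients get no response
    # and may time out, which is the problem described in the thread.
    # rate-limit sessions 50

    # Explicit refusal: once the aggregate HTTP request rate on this frontend
    # exceeds 50/s, answer immediately so clients can back off and retry.
    # The rule counts all clients together; it does not track source IPs.
    http-request deny deny_status 503 if { fe_req_rate gt 50 }

    # Same rule with the status code suggested in the thread as more fitting:
    # http-request deny deny_status 429 if { fe_req_rate gt 50 }

    # Variant keyed on concurrent frontend connections rather than request rate:
    # http-request deny deny_status 503 if { fe_conn gt 1000 }

    default_backend be_app

backend be_app
    server app1 127.0.0.1:8000 maxconn 200
```

`haproxy -c -f <file>` checks the configuration syntax before a reload.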

