Hi,
On Mon, Feb 11, Badari Prasad wrote:
> Thank you for the response. I came up with my own haproxy cfg, where i
> would want to rate limit based on event name and client id in url.
> URL ex : /api/v1/<event_name>/<clientid>
>
> Have attached a file for my haproxy cfg. But it does not seems to be rate
> limiting the incoming requests.
> backend st_src_monte
> stick-table type string size 1m expire 10s store http_req_rate(10s)
> ...
>
> acl monte_as1_exceeds_limit src_http_req_rate(st_src_as1_monte) gt 990
> acl monte_in_limit src_http_req_rate(st_src_as1_monte) lt 1000
> http-request track-sc0 src table st_src_as1_monte
There's no st_src_as1_monte table in your example config, there's
st_src_monte table.
> http-request deny deny_status 429 if { path_beg
> /api/v1/monitoring-event/A000001 AND monte_as1_exceeds_limit }
You're tracking connections with src, but the stick table is type string,
have you checked from admin socket that the stick table has entries,
something like:
echo 'show table st_src_monte' | nc -U /var/lib/haproxy/stats
(insted of nc -U, socat stdio /var/lib/haproxy/stats should also work).
If you want to track src ip, then stick-table type ip or ipv6 is
probably better.
>> I would want to configure 1000 tps for url /api/v1/client1/transfer_data or
>> 500 tps for /api/v1/client2/user_data and so on....
Do you mean that only 1000 tps goes to
/api/v1/client1/transfer_data (no matter what the source ip addresses
are) or each source ip can send 1000 tps to /api/v1/client1/transfer_data ?
-Jarno
--
Jarno Huuskonen
