On 17/03/2020 at 16:41, Sean Reifschneider wrote:
> The only place tcp-request appears in my config is in relation to rate-limiting,
> which we have set up to track but not enforce. Here are the associated rules:
>
> frontend main
>     [...]
>     acl rate_whitelist src 10.0.0.1
>     acl rate_whitelist src 10.0.1.1
>     acl rate_whitelist src 10.0.1.2
>     acl rate_whitelist src 10.0.1.3
>     acl rate_whitelist src 10.0.1.4
>     stick-table type ip size 200k expire 60s store gpc0
>     tcp-request connection track-sc0 src if ! rate_whitelist
>     #use_backend throttled if { sc0_get_gpc0 gt 0 }
>
> backend www
>     [...]
>     stick-table type ip size 200k expire 1m store http_req_rate(30s)
>     acl abuse_req_rate sc1_http_req_rate gt 1000
>     acl mark_as_abuser sc0_inc_gpc0(main) gt 0
>     tcp-request content track-sc1 src
>     tcp-request content reject if abuse_req_rate mark_as_abuser
>
> Here's a pastebin of the full config: https://paste.ubuntu.com/p/nM6xq4Vp2z/

Ok, so the failing ACL is rate_whitelist. But there is nothing strange here. And
your configuration is pretty clean. It is probably a side effect of another bug.
Without a core file it will be hard to investigate.
--
Christopher Faulet