Hi, We have multiple haproxy servers receiving traffic from our firewall, we want to apply some rate limiting that takes into account counters from all the haproxy servers.
I am testing this with 1.6.4 and I tried the peer feature, but not able to get it to work. I understand that counter aggregation does not happen, but even replication doesn¹t seem to be working for me. Conf: Peers article peer haproxy1 127.0.0.1:11023 peer haproxy2 127.0.0.1:11024 global stats socket /tmp/haproxy.sock mode 600 level admin #maxconn 3000 #maxconn 10000 defaults log 127.0.0.1 local1 option httplog mode http timeout server 120s timeout queue 1000s timeout client 1200s # CLient Inactive time timeout connect 100s # timeout for server connection timeout check 500s # timeout for server check pings maxconn 10000 retries 2 option redispatch option http-server-close frontend haproxy1_l2 mode http option forwardfor capture cookie egnyte-proxy len 32 capture request header host len 32 bind *:1443 ssl crt /home/egnyte/haproxy/conf/key.pem crt /home/egnyte/haproxy/conf/certs tcp-request inspect-delay 5s tcp-request content accept if { req_ssl_hello_type 1 } stick-table type string size 1M expire 10m store conn_cur peers article acl is_range hdr_sub(Range) bytes= acl is_path_throttled path_beg /public-api/v1/fs-content-download acl is_path_throttled path_end /get_file acl is_path_throttled path_beg /wsgi/print_headers.py #tcp-request content track-sc1 base32 if is_range is_path_throttled http-request set-header X-track %[url] http-request track-sc1 req.hdr(X-track) if is_range is_path_throttled http-request deny if { sc1_conn_cur gt 2 } is_range is_path_throttled default_backend apache_l1 backend apache_l1 mode http maxconn 10000 reqadd X-Haproxy-L1:\ true server apache_l1 127.0.0.1:80 Is there any other way to have rate limiting that can track the counters across haproxy servers? How about seeding counters in to redis using lua and then reading them to rate limit is it even feasible, I have not looked at it in detail yet, just wanted to see if somebody has tried something similar. Thanks Sachin