Using sticky-tables and keys from backends

Posted by Himer MARTINEZ 
December 04, 2017 05:30PM
Hello Guys,

I'm sorry to bother you! I'm a beginner with HAProxy and I'm very excited
with all the capabilities, the documentation is very complete and rich but
exactly too rich to be understood quickly :-)

My question ...

I'm tracking http requests rates in a backend sticky-table (let's say
"api-b2b") based on header authorization value.

This tracking is working fine, I can see the sticky tables entries with
socat and the request rate for the specified user based on his
Authorization Header value as "key".

I would like to block (deny or tarpit) requests on the frontend side when,
for example, the rate is greater than 10. I can use the specified counter
from the table, but I didn't find out how to check for the specified
Authorization Header value from the incoming requests... something like acl
too-much-requests-b2b sc0_http_req_rate(api-b2b) gt 10 (where I can set the
<key>, I mean hdr(Authorization)), or how to do this...

Thank you very much for any help!

Best regards !

My config...

------------------------------------------------------------------------------------------------------------------------

frontend http
bind *:80
mode http
stats uri /stats

default_backend api-gateway

# backend b2b
acl is_b2b path_beg -i /b2b
use_backend api-b2b if is_b2b

# backend b2c
acl is_b2c path_beg -i /b2c
use_backend api-b2c if is_b2c

# store req rate for further purposes
stick-table type ip size 1m expire 30s store http_req_rate(60s)
tcp-request connection track-sc0 src

# block requests if rate is greater than 10
acl too-much-requests-b2b sc0_http_req_rate(api-b2b) gt 10
acl too-much-requests-b2c sc0_http_req_rate(api-b2c) gt 30

http-request deny if is_b2b too-much-requests-b2b
http-request deny if is_b2c too-much-requests-b2c

backend api-gateway
server api-gateway-g1 localhost:8080 check
server api-gateway-g2 localhost:8081 check

backend api-b2b
balance hdr(Authorization)
server api-gateway-g1 localhost:8080 check
server api-gateway-g2 localhost:8081 check
stick-table type string size 1m store http_req_rate(10s)
tcp-request content track-sc0 hdr(Authorization)

backend api-b2c
balance hdr(Authorization)
server api-gateway-g1 localhost:8080 check
server api-gateway-g2 localhost:8081 check
stick-table type string size 1m store http_req_rate(10s)
tcp-request content track-sc0 hdr(Authorization)
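
One way to do the lookup asked about above, as an added example that is not part of the original post: the frontend tracks the Authorization header itself, in the backend's table, on a second sticky-counter slot. The `defaults` timeouts, `len 128` and `expire 60s` are assumptions made for the example.

```haproxy
# Added example, not the poster's configuration.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend http
    bind *:80
    default_backend api-gateway

    acl is_b2b path_beg -i /b2b
    acl is_b2c path_beg -i /b2c
    use_backend api-b2b if is_b2b
    use_backend api-b2c if is_b2c

    # sc0: per-source-IP counters, kept in this frontend's own table.
    stick-table type ip size 1m expire 30s store http_req_rate(60s)
    tcp-request connection track-sc0 src

    # sc1: the key is the Authorization header and the entry lives in the
    # backend's table. A separate slot is used because sc0 already tracks src.
    http-request track-sc1 req.hdr(Authorization) table api-b2b if is_b2b
    http-request track-sc1 req.hdr(Authorization) table api-b2c if is_b2c

    # With no table argument, sc1_http_req_rate reads the entry tracked above.
    http-request deny if is_b2b { sc1_http_req_rate gt 10 }
    http-request deny if is_b2c { sc1_http_req_rate gt 30 }

    # Read-only alternative (looks a key up without tracking it):
    #   req.hdr(Authorization),table_http_req_rate(api-b2b) gt 10

backend api-gateway
    server api-gateway-g1 localhost:8080 check
    server api-gateway-g2 localhost:8081 check

backend api-b2b
    balance hdr(Authorization)
    # String keys default to 32 characters and longer values are truncated,
    # so long tokens sharing a prefix would share one counter. len is assumed.
    stick-table type string len 128 size 1m expire 60s store http_req_rate(10s)
    server api-gateway-g1 localhost:8080 check
    server api-gateway-g2 localhost:8081 check

backend api-b2c
    balance hdr(Authorization)
    stick-table type string len 128 size 1m expire 60s store http_req_rate(10s)
    server api-gateway-g1 localhost:8080 check
    server api-gateway-g2 localhost:8081 check
```

Requests that carry no Authorization header create no sc1 entry, so only the per-IP sc0 counters cover them. The table keys are the raw header values, which means anyone who can read the stats socket can read the credentials.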