@seobi wrote:
I am building with 2 layers as shown in the picture.
The main haproxy is responsible for ssh decode and the main server, and the sub haproxy manages the ACLs. The sub haproxy has the sticky table information and the ACL access limit.
When you check the information in the “show table”, you are connected.

# table: pcweb-limit-back, type: ip, size:268435456, used:2
0x1dcc20c: key=10.11.12.123 use=0 exp=26377 gpc0=0
0x1dcc67c: key=10.11.12.124 use=0 exp=25909 gpc0=1

Only the main haproxy IP (10.11.12.124) increases the gpc0 count.
The client IP (10.11.12.123) does not increase the gpc0 count.
How can I increase the gpc0 count of the client IP (10.11.12.123)?
Or if you have a setting to restrict server inflows in other ways, please guide me.
Thank you in advance.
Main HAproxy config
###
#
# Global Setting
#
###
global
    log 127.0.0.1 local2
    uid 99
    gid 99
    daemon

###
#
# Peers Setting
#
###
peers peerlist
    peer main-hpx 10.11.12.124:11000

###
#
# Default Setting
#
###
defaults
    log global
    timeout connect 150s #all client - server
    timeout client 5m #all client - vip
    timeout server 5m #vip server - real server
    mode http

###
#
# Frontend Proxy Setting
#
###
frontend main-haproxy
    bind 10.11.12.124:80
    bind 10.11.12.124:443 ssl crt /etc/haproxy/decode.dec
    maxconn 100000
    bind-process 1
    default_backend sub-haproxy

###
#
# Backend Proxy Setting
#
###
backend sub-haproxy
    mode http
    balance roundrobin
    fullconn 100000
    bind-process 1
    option forwardfor
    # haproxy
    server sub-hpx 10.11.12.125:80 check inter 5s fall 2 port 11001
Sub HAproxy config
global
    log 127.0.0.1 local2
    uid 99
    gid 99
    daemon
    maxconn 160000

peers peerlist
    peer sub-hpx 10.11.12.125:11025

defaults
    log global
    timeout connect 150s
    timeout client 5m
    timeout server 5m
    mode http

frontend pcweb-front
    mode http
    bind 10.11.12.125:80
    maxconn 100000
    log-format (%f)\ %ci:%cp\ to\ %s\ %{+Q}r\ %ST
    default_backend pcweb-back
    acl is_location url_beg /location/id/1234
    use_backend pcweb-limit-back if is_location

backend pcweb-back
    mode http
    balance roundrobin
    fullconn 100000
    option httpchk GET /monitor/l7check
    http-request set-header X-Forwarded-For %[src]
    # fixed server
    server web-server1 10.22.23.123 check inter 5s fall 2 port 80
    server web-server2 10.22.23.124 check inter 5s fall 2 port 80

backend pcweb-limit-back
    balance roundrobin
    fullconn 100000
    mode http
    option httpchk GET /monitor/l7check
    option forwardfor
    # Table definition
    stick-table type ip size 256m expire 1m store gpc0 peers peerlist
    http-request track-sc0 hdr(X-Forwarded-For) table pcweb-limit-back
    # Accepting connection condition
    acl under_limit table_cnt lt 10
    http-request allow if under_limit { src_inc_gpc0 ge 1 }
    redirect location http://domiain.com/error.html if !under_limit { src_get_gpc0 eq 0 }
    # fixed server
    server web-server3 10.22.23.125 check inter 5s fall 2 port 80
    server web-server4 10.22.23.126 check inter 5s fall 2 port 80
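An added example, not part of the original post: the `pcweb-limit-back` rules with the `src_*` fetches swapped for their `sc0_*` counterparts, so the counter is read and written on the entry that `track-sc0` tracks (the forwarded client address) rather than on the TCP peer, which on the sub haproxy is always the main haproxy. It assumes the sub haproxy is reachable only from the main haproxy, so the last `X-Forwarded-For` value is the one the main haproxy appended; the admission logic itself is left as posted.

```haproxy
backend pcweb-limit-back
    mode http
    balance roundrobin
    fullconn 100000
    option httpchk GET /monitor/l7check
    option forwardfor

    # Table definition (unchanged from the post)
    stick-table type ip size 256m expire 1m store gpc0 peers peerlist

    # Tracked key: the address taken from X-Forwarded-For. The main haproxy
    # appends the real client address with "option forwardfor", so this is
    # trustworthy only while nothing else can connect to 10.11.12.125:80
    # (assumption stated in the lead-in).
    http-request track-sc0 hdr(X-Forwarded-For) table pcweb-limit-back

    # Accepting connection condition
    acl under_limit table_cnt lt 10

    # As posted: src_* looks up the connection's source address, which here
    # is the main haproxy (10.11.12.124), so only that entry gains gpc0.
    #   http-request allow if under_limit { src_inc_gpc0 ge 1 }
    #   redirect location http://domiain.com/error.html if !under_limit { src_get_gpc0 eq 0 }

    # sc0_* act on the entry tracked by track-sc0 above, i.e. the client
    # address (10.11.12.123 in the "show table" output).
    http-request allow if under_limit { sc0_inc_gpc0 ge 1 }
    redirect location http://domiain.com/error.html if !under_limit { sc0_get_gpc0 eq 0 }

    # fixed server
    server web-server3 10.22.23.125 check inter 5s fall 2 port 80
    server web-server4 10.22.23.126 check inter 5s fall 2 port 80
```

After a reload, "show table pcweb-limit-back" should show gpc0 rising on the client's key, and no separate entry being created for 10.11.12.124.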