Limiting simultaneous connections per second by IP with HAProxy

In a previous post I described a way to do just this. Turns out it would not work properly with connections using the “accept-proxy” keyword. The proper configuration is:

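frontend a
    bind ...
    # one entry per source IP, storing its number of currently open connections
    stick-table type ip size 200k expire 2m store conn_cur
    # more than 2 simultaneous connections from one source marks it as an abuser
    acl source_is_abuser sc1_conn_cur gt 2
    # track at content level: with accept-proxy, src is the PROXY header address here
    tcp-request content track-sc1 src
    use_backend slow if source_is_abuser
    default_backend fast

backend slow
    server a ... maxconn 1 check
    server b ... maxconn 1 check

backend fast
    server a ... maxconn 10 check
    server b ... maxconn 10 check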
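
The following model is an added example, not part of the original post or of HAProxy itself. It shows why the tracking key matters behind "accept-proxy", assuming HAProxy's documented behaviour that "tcp-request connection" rules see only the real TCP peer while other rules see the address from the PROXY header. The names parse_proxy_v1 and route are hypothetical and the addresses are constructed documentation ranges.

```python
"""Model of per-source conn_cur tracking behind a PROXY-protocol hop."""
from collections import Counter

ABUSE_THRESHOLD = 2  # mirrors "sc1_conn_cur gt 2" in the frontend above


def parse_proxy_v1(header: bytes) -> str:
    """Return the client source address carried in a PROXY protocol v1 line."""
    if not header.endswith(b"\r\n"):
        raise ValueError("PROXY v1 header must end with CRLF")
    fields = header[:-2].decode("ascii").split(" ")
    if len(fields) < 2 or fields[0] != "PROXY":
        raise ValueError("not a PROXY v1 header")
    if fields[1] == "UNKNOWN":
        raise ValueError("no usable source address in header")
    if fields[1] not in ("TCP4", "TCP6") or len(fields) != 6:
        raise ValueError("malformed PROXY v1 header")
    return fields[2]


def route(connections, key):
    """Open connections in order; return the backend chosen for each.

    connections: (peer_ip, proxy_header) pairs that all stay open together.
    key: "peer" tracks the TCP peer, "proxied" tracks the PROXY header source.
    """
    conn_cur = Counter()  # stand-in for the stick-table's conn_cur column
    chosen = []
    for peer_ip, header in connections:
        src = peer_ip if key == "peer" else parse_proxy_v1(header)
        conn_cur[src] += 1
        chosen.append("slow" if conn_cur[src] > ABUSE_THRESHOLD else "fast")
    return chosen


# Constructed sample: one upstream proxy (192.0.2.10) relays four connections,
# three from 198.51.100.7 and one (the third) from 203.0.113.5.
LB = "192.0.2.10"
SAMPLE = [
    (LB, b"PROXY TCP4 198.51.100.7 192.0.2.20 40001 443\r\n"),
    (LB, b"PROXY TCP4 198.51.100.7 192.0.2.20 40002 443\r\n"),
    (LB, b"PROXY TCP4 203.0.113.5 192.0.2.20 40003 443\r\n"),
    (LB, b"PROXY TCP4 198.51.100.7 192.0.2.20 40004 443\r\n"),
]

if __name__ == "__main__":
    print("peer   :", route(SAMPLE, "peer"))
    print("proxied:", route(SAMPLE, "proxied"))
```

Keyed on the peer, every client collapses into the upstream proxy's address, so the single connection from 203.0.113.5 lands on the slow backend; keyed on the PROXY header source, only the third simultaneous connection from 198.51.100.7 does.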