2

I try to limit the number of concurrent connections using HAProxy stick-tables based on HTTP header fields. I could find plenty of examples using IP addresses, but this doesn't work in my case. Our application differs user account solely on the HTTP header field x-account and expects requests coming from multiple IPs simultaneously.

At this point I cannot provide any error message or anything as I wasn't able to understand the configuration so far. Thus this is a very basic question about the usage/configuration of HAProxy.

From what I understood after reading the HAProxy documentation:

I define the stick-table as follows:

stick-table type string size 100m store conn_cur

This should provide me a table to store my header fields in. I didn't add expire as I actually don't care to much and the values will be highly repetitive anyway. Also ee don't expect much more than 5K-10K entries i.e. different accounts.

So far, the documentation was pretty clear, but starting from here my troubles start. I guess I need a line which tells HAProxy that it should associate the value of the header field with the connection and report it being opened and eventually closed. Could this be something like this?

stick store-request hdr(x-account) account_table

And than there must be a line that denies/tarpits the request if max number of sessions for this user is exceeded. Something like this I guess:

http-request tarpit if hdr(x-account) account_table gt 10

At least that is what I would expect, but I might be completely wrong though. As I said before, I couldn't find any example using strings in a stick-table. If it helps, I can provide the complete HAProxy configuration, but I think it's not relevant as this is just part of a front-end definition, right?

Any help is appreciated.

Cheers, Ralph

Ralph
  • 33
  • 5

0 Answers0