Hi All,
In one of our feature, we used below configurations in haproxy.cfg to perform rate limiting on all ingress APIs.
frontend https_all_servers
acl binding_api_imsi path_beg /dra/api/bindings/imsi/
http-request deny deny_status 429 if binding_api_imsi { dst,table_http_req_rate(binding_api_imsi_servers) gt 500 }
use_backend binding_api_imsi_servers if binding_api_imsi
backend binding_api_imsi_servers
mode http
balance source
option httpclose
option abortonclose
stick-table type ip size 1m expire 1000ms store http_req_rate(1000ms)
** http-request track-sc1 dst table binding_api_imsi_servers**
server haproxy-api-s101 haproxy-api-s101:80 check inter 10s resolvers dns resolve-prefer ipv4
If user set rate limit as 500 and sending 600 requests per second. We expected that haproxy will store first 500 requests in stick table and send 429 deny status for remaining 100 requests. So that haproxy will maintain 500 requests per second in stick table. Also after 1 second, stick table entries will get expire since we set expire value as 1000 milliseconds.
But with this config, we are seeing 429 deny status for almost 200 requests. So rate limit is happening at 400 even though user set rate limit as 500.
If anyone did rate limiting using haproxy, can you please help us on this?