HAProxy community

Haproxy 1.8 sc0_get_gpc0 activate acl from bad request count


#1

I’m running HAproxy 1.8 and trying to track a general counter with a stick-table, but each time it’s called by the ACL it isn’t returning true.

My expectations are; once the counter goes above 5 the ACL will cause it to go to a different backend. What could be going wrong?

# default block configs are set to http settings

frontend my_service
  bind *:80
  tcp-request inspect-delay 5s

  acl bad_request sc0_get_gpc0(my_service_bk) gt 5
  use_backend my_service_bad_bk if bad_request

  default_backend my_service
backend my_service_bad_bk
  errorfile 503 /etc/haproxy/429.http
backend my_service
  http-request track-sc0 req.fhdr(X-My-Service)
  http-response sc-inc-gpc0 if { status gt 399 }
  stick-table type string len 350 size 10m expire 10m store gpc0

  balance roundrobin
  server .....
  server .....

I look up the stick-table stats and it shows this after 6 requests:
0x7f2279cdsa42: key=test use=0 exp=278850 gpc0=6

And it still sends it to the wrong backend (my_service)

I also posted it here before finding this discussion board: https://stackoverflow.com/questions/48179699/haproxy-1-8-sc0-get-gpc0-activate-acl-from-bad-request-count


#2

I figured it out, below is the working code:

    # default block configs are set to http settings

frontend my_service
  bind *:80
  tcp-request inspect-delay 5s

  http-request track-sc0 req.fhdr(X-My-Service)
  stick-table type string len 350 size 10m expire 10m store gpc0

  default_backend my_service
backend my_service
  http-response sc-inc-gpc0 if { status gt 399 }

  acl bad_request sc0_get_gpc0(my_service) gt 5
  use-server bad_request if bad_reqest

  balance roundrobin
  server bad_request localhost:9090 weight 0

  # normal app servers below this without weight 0
  server .....

frontend bad_requests
  bind localhost:9090

  default_backend my_service_bad

backend my_service_bad
  errorfile 503 /etc/haproxy/429.http