Limiting multiple IP connections per SNI in HAProxy

mhwmdkm · October 4, 2024, 10:11pm

Hi everyone,

I’m currently using HAProxy with wildcard SNI, and each user connects with their own unique SNI. I’m looking to implement a connection limit where:

Only one IP can be connected to the server per SNI at a time.
If a second IP tries to connect using the same SNI while the first IP is still connected, it should be denied.
After the current IP disconnects, no other IP should be able to connect with the same SNI for at least one minute (essentially creating a cooldown period before another IP can reuse the SNI).

Is this possible to achieve with HAProxy, and if so, what would be the best approach? I’d appreciate any guidance or example configurations.

Thank you!

vincentmli · October 29, 2024, 7:23pm

not sure about HAProxy, maybe something like xdp-tools/xdp-sni at master · vincentmli/xdp-tools · GitHub could be modified to achieve that.

Topic		Replies	Views
SNI Routing - Session Counts Doubled Help!	2	657	October 2, 2017
Strange behavior observed with SNI Help!	1	172	August 17, 2023
Backend server cooldown Help!	4	747	September 25, 2018
Rate-limit connections per ip for smtp frontend Help!	3	1496	June 18, 2017
Concurrent Connections over sessionid Help!	7	937	March 15, 2020

Limiting multiple IP connections per SNI in HAProxy

Related topics