Logging throttled IP's


#1

Hello.
We are throttling IP’s like so.

frontend testing
bind *:443
mode tcp
acl too_many_uploads_by_user sc0_gpc0_rate() gt 100
acl mark_seen sc0_inc_gpc0 gt 0
stick-table type string size 100k store gpc0_rate(10s)
tcp-request content track-sc0 src
tcp-request connection reject if bad_ip
tcp-request inspect-delay 1000ms
use_backend slow_down if mark_seen too_many_uploads_by_user
default_backend testing_backend

backend testing_backend
mode tcp
balance leastconn
server abc1 1.1.1.1:5443 check maxconn 500
server abc2 1.1.1.2:5443 check maxconn 500

backend slow_down
timeout tarpit 2s
http-request tarpit

I am looking to log to file all IPs that get throttled to the slow_down backend. Is this possible with configuration ?

thank you for an help.


#2

Unless specifically configured not to, you would always see which backend and server a certain request hit. So this comes for free when you configure logging.


#3

Can I put something in the config that will write these IP’s out to a specific file ?


#4

Not a file, you need to log to your syslog deamon, via unix or udp socket. Like this: