Hi
I am trying to implement rate limiting where specific clients rates can be limited to certain paths using a map file. The relevant configuration is:
frontend fe_svc_a_api
...
log global
log-format "[%t] %{Q}[var(txn.rate_limit)] %{Q}[var(txn.request_rate)] %[sc_http_req_rate(0)]"
acl req_limit var(txn.rate_limit),sub(txn.request_rate) lt 0
http-request set-var(txn.rate_limit) path,map_beg(/opt/haproxy/maps/svc_a_api.map,10)
http-request set-var(txn.request_rate) sc_http_req_rate(0)
http-request set-var(txn.client_ip) req.hdr(X-Real-IP)
http-request track-sc0 var(txn.client_ip) table table_svc_a_rate_limiter
use_backend be_429_5s if req_limit
...
backend table_svc_a_rate_limiter
stick-table type string len 50 size 10K expire 5s store http_req_rate(5s)
backend be_429_5s
mode http
http-request tarpit deny_status 429
timeout tarpit 5s
With this configuration the %{Q}[var(txn.rate_limit)] and %[sc_http_req_rate(0)] show correct numbers but %{Q}[var(txn.request_rate)] is “-” and the whole limiting fails as the subtraction never is “less than 0”.
I can’t think of anything other than this line:
http-request set-var(txn.request_rate) sc_http_req_rate(0)
being somehow wrong. What am I doing wrong? What is the proper way of setting a txn variable value to stick-table tracked counter value?
Also - I am actually using a little more complicated stick-table key, but as it is properly populated I don’t think that could have any impact. Another thing is that I have compiled HAProxy (using 2.5.1) with DEFINE="-DMAX_SESS_STKCTR=100"