Despite many examples and reading the haproxy docs, I still don’t manage to do the following.
Note that we use haproxy 1.5.14.
We use haproxy to distribute HTTP requests (roundrobin) over a number of backends.
I would like to limit the number of HTTP requests on the frontend, regardless of which IP address they are coming from.
Initially I used something like:

    stick-table type ip size 500k expire 2s store http_req_rate(1s)
    tcp-request connection track-sc1 src
    timeout tarpit 1000
    acl abuse_xxx src_http_req_rate(frontend_name) ge 5
    http-request tarpit if abuse_xxx

This worked when sending requests from 1 IP address, in this case allowing 5 requests per second.
As far as I understand, the stick-table type ip counts entries per IP address. We don’t want this; throttling has to be done on the total number of HTTP requests, independent of the client IP.
To throttle on the total, I expect I need to use the URL path in some way, as these are the same for each client; only the client IP address differs.
So far I have not managed to do so. When using stick tables with type string, I did not find a way to store entries in this table in the frontend; when adding entries to the backend, socat shows 1 entry per request instead of a total.
So: I need some guidance here.
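
Added example, not part of the original post and not HAProxy code: a small Python model of the difference described above between a rate counter keyed by source address and one keyed by a single shared value. The exact sliding window, the `RateTable` class, the client addresses and the traffic pattern are assumptions constructed for illustration; only the 1s period and the threshold of 5 come from the post.

```python
from collections import defaultdict, deque

WINDOW_MS = 1000   # mirrors http_req_rate(1s) in the post
THRESHOLD = 5      # mirrors "ge 5" in the post's ACL


class RateTable:
    """Simplified model (assumption): one exact sliding-window counter per table key."""

    def __init__(self, key_fn):
        self.key_fn = key_fn              # maps a request's source to a table key
        self.hits = defaultdict(deque)    # key -> timestamps inside the window

    def passes(self, now_ms, src):
        q = self.hits[self.key_fn(src)]
        while q and now_ms - q[0] >= WINDOW_MS:
            q.popleft()                   # drop hits older than the window
        ok = len(q) < THRESHOLD
        q.append(now_ms)                  # throttled requests still count toward the rate
        return ok


def constructed_traffic(clients=20, per_second=4, seconds=2):
    """Constructed sample: every client stays below the per-source threshold."""
    step = WINDOW_MS // per_second
    events = [(k * step + i, "10.0.0.%d" % (i + 1))
              for i in range(clients)
              for k in range(per_second * seconds)]
    return sorted(events)


def passed(key_fn, traffic):
    table = RateTable(key_fn)
    return sum(table.passes(t, src) for t, src in traffic)


def compare():
    traffic = constructed_traffic()
    return {
        "total": len(traffic),
        "keyed_by_src": passed(lambda src: src, traffic),
        "single_shared_key": passed(lambda src: "all", traffic),
    }


if __name__ == "__main__":
    print(compare())
```

With the per-source key every one of the 160 constructed requests passes, because no single client reaches the threshold; with one shared key only the first 5 pass while the aggregate rate stays above it.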