@axot
Last active September 9, 2019 02:38
HAProxy rate limit across overall http requests.

There are many examples of limiting RPS for each client. We also need a way to set up a global request limit.

There are two requirements for this purpose.

  1. Instead of tracking the client IP, we need a single global tracking entry.
  2. Assume we want to set 1k RPS as the global limit: it should always allow the first 1k requests and cut off only the excess.

Here is an example:

frontend fe
  bind :80
  
  # define a stick table here and use the gpc0 rate to count approved requests.
  stick-table  type ip  size 100  expire 5s  store gpc0_rate(1s)
  
  # instead of tracking the client's IP, track the destination (server) IP,
  # which is always a single address as long as clients reach the frontend on one IP.
  http-request track-sc0 dst

  # define an ACL to check whether the RPS is greater than 1k.
  # An ACL is only evaluated when an action below references it.
  acl abuse fe_req_rate     gt 1000
  
  # always allow the first 1k requests.
  acl save  sc_gpc0_rate(0) lt 1000

  # deny all excess requests here
  http-request deny deny_status 429 if abuse !save

  # gpc0 += 1 if the current request does not exceed our limit
  http-request sc-inc-gpc0(0) if save

  use_backend servers

backend servers
  server example-server xxx.xxx.xxx.xxx
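
To see why the deny rule is gated on the count of approved requests rather than on fe_req_rate alone, the following added Python sketch (not part of the original gist) replays both counters under a constructed constant load of 3000 RPS. FreqCtr and simulate are hypothetical names, and the sliding-window rate estimate is a simplified assumption about how the rates are computed.

```python
# Added illustration: simplified model of the two counters in the config above.
# Assumption: a rate is estimated as events in the current period plus the
# previous period's events weighted by how much of it is still in the window.
LIMIT = 1000


class FreqCtr:
    def __init__(self, period_ms=1000):
        self.period, self.start, self.curr, self.prev = period_ms, 0, 0, 0

    def _rotate(self, now):
        elapsed = now - self.start
        if elapsed >= self.period:
            self.prev = self.curr if elapsed < 2 * self.period else 0
            self.curr = 0
            self.start = now - elapsed % self.period

    def inc(self, now):
        self._rotate(now)
        self.curr += 1

    def rate(self, now):
        self._rotate(now)
        remain = self.period - (now - self.start)
        return self.curr + self.prev * remain // self.period


def simulate(rps, seconds, use_gpc0):
    """Admitted requests per second under a constant, constructed load."""
    req_rate, approved = FreqCtr(), FreqCtr()
    admitted = [0] * seconds
    for i in range(rps * seconds):
        now = i * 1000 // rps                  # evenly spaced arrivals, in ms
        req_rate.inc(now)                      # fe_req_rate sees every request
        abuse = req_rate.rate(now) > LIMIT     # acl abuse
        save = approved.rate(now) < LIMIT      # acl save
        if abuse and not (use_gpc0 and save):  # http-request deny ... 429
            continue
        if save:
            approved.inc(now)                  # sc-inc-gpc0(0) if save
        admitted[now // 1000] += 1
    return admitted


if __name__ == "__main__":
    print("request-rate only:", simulate(3000, 5, use_gpc0=False))
    print("gpc0-gated       :", simulate(3000, 5, use_gpc0=True))
```

In this model, denying on the request rate alone admits nothing after the first second of a sustained flood, because denied requests keep that rate above the limit, while the gpc0-gated rule keeps admitting about 1000 requests every second.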