2

I'm trying to achieve this scenario:

On a specific path only, I receive a steady 9 requests/sec on the frontend. Everything is fine, use the regular Backend. I now receive 11 req/s, I want to reject any requests above 10. But still want to continue replying to a maximum of 10 req/sec.

Everything I have found and tried implementing (like this: https://blog.codecentric.de/en/2014/12/haproxy-http-header-rate-limiting/) is a black-or-white solution: it drops everything once the rate is reached. So it's a protection against DDoS and abusers, but not a real rate limiting solution.

Is there any way to achieve that?
PS: using HAProxy 1.5.8

Bastien974
  • Have you tried `maxconnrate`? http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#3.2-maxconnrate – Mark Wagner Jul 07 '15 at 21:29
  • Or by using `rate-limit sessions` ([docs](http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#rate-limit)) in the frontend. – GregL Jul 08 '15 at 12:09
  • Sorry, I forgot to add an important requirement, I need to limit just a specific path, not frontend wide. `maxconnrate` is a global setting and wouldn't work for me. `rate-limit sessions` does what I want but is frontend-wide. – Bastien974 Jul 08 '15 at 12:53

1 Answer

6

If you want to use rate-limit sessions, is the following feasible for you?

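```
frontend http_in
   bind 0.0.0.0:80
   # Only requests whose URL begins with this path take the rate-limited detour
   acl is_path url_beg /path/example/
   use_backend forwarder if is_path

# Loops matching traffic back into HAProxy over loopback; send-proxy
# passes the original client address along via the PROXY protocol
backend forwarder
   server localhost 127.0.0.1:4444 send-proxy

# Second frontend so that the session limit applies to this path only
frontend limit_path_backend
   bind 127.0.0.1:4444 accept-proxy
   rate-limit sessions 10
   default_backend webnodes
```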
  • Was about to post it, I got the same solution from the mailing list and confirmed by Willy that it's the recommended way. Note that the last frontend can be a "listen" with the server directly declared in it (instead of having another frontend + backend). – Bastien974 Jul 10 '15 at 15:15
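Added example, not part of the original thread and not HAProxy code: a simplified Python model of the two behaviours the question contrasts, run over constructed traffic of 9 and 11 requests/sec. All function names are hypothetical; the model assumes a 1-second sliding window and evenly spaced arrivals.

```python
from collections import deque
from fractions import Fraction

LIMIT = 10   # requests per second allowed on the path, as in the question
WINDOW = 1   # sliding window length in seconds (assumption of this model)

def arrivals(rate, seconds):
    """Constructed traffic: `rate` evenly spaced requests per second."""
    return [Fraction(i, rate) for i in range(rate * seconds)]

def _expire(window_q, now):
    # Drop timestamps that have fallen out of the sliding window.
    while window_q and window_q[0] <= now - WINDOW:
        window_q.popleft()

def count_all_policy(times):
    """All-or-nothing: every arrival feeds the counter, served or not."""
    seen, served = deque(), []
    for t in times:
        _expire(seen, t)
        seen.append(t)              # rejected requests still raise the rate
        if len(seen) <= LIMIT:
            served.append(t)
    return served

def count_admitted_policy(times):
    """Cap: only served requests consume budget, the surplus is turned away."""
    admitted, served = deque(), []
    for t in times:
        _expire(admitted, t)
        if len(admitted) < LIMIT:
            admitted.append(t)
            served.append(t)
    return served

def served_per_second(served, seconds):
    """Histogram of served requests per wall-clock second."""
    counts = [0] * seconds
    for t in served:
        counts[int(t)] += 1
    return counts

if __name__ == "__main__":
    for rate in (9, 11):
        traffic = arrivals(rate, 5)
        print(rate, "req/s, count-all:     ",
              served_per_second(count_all_policy(traffic), 5))
        print(rate, "req/s, count-admitted:",
              served_per_second(count_admitted_policy(traffic), 5))
```

At 11 req/s the count-all policy stops serving after the first second because the measured rate never falls back under the limit, while the count-admitted policy keeps serving 10 per second.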