Hi, On Tue, Apr 07, 2015 at 12:03:37PM -0400, CJ Ess wrote: > This is my first time submitting a modification to haproxy, so I would > appreciate feedback. > > We've been experimenting with using the stick tables feature in Haproxy to > do rate limiting by IP at the edge. We know from past experience that we > will need to maintain a whitelist because schools and small ISPs (in > particular) have a habit of proxying a significant number of requests > through a handful of addresses without providing x-forwarded-for to > differentiate between actual origins. My employer has a strict "we talk to > our customers" policy (what a unique concept!) so when we do rate limit > someone we want to return a custom error page which explains in a positive > way why we are not serving he requested page and how our support group will > be happy to add them to the white list if they contact us. > > This patch adds support for error codes 429 and 405 to Haproxy and a > "deny_status XXX" option to "http-request deny" where you can specify which > code is returned with 403 being the default. We really want to do this the > "haproxy way" and hope to have this patch included in the mainline. We'll > be happy address any feedback on how this is implemented.
That's the good approach. At first glance your work looks fine. I'll review it deeper probably tomorrow if time permits. Thanks, Willy
