On Wed, Apr 08, 2015 at 02:13:44AM +0200, Willy Tarreau wrote: > Hi, > > On Tue, Apr 07, 2015 at 12:03:37PM -0400, CJ Ess wrote: > > This is my first time submitting a modification to haproxy, so I would > > appreciate feedback. > > > > We've been experimenting with using the stick tables feature in Haproxy to > > do rate limiting by IP at the edge. We know from past experience that we > > will need to maintain a whitelist because schools and small ISPs (in > > particular) have a habit of proxying a significant number of requests > > through a handful of addresses without providing x-forwarded-for to > > differentiate between actual origins. My employer has a strict "we talk to > > our customers" policy (what a unique concept!) so when we do rate limit > > someone we want to return a custom error page which explains in a positive > > way why we are not serving he requested page and how our support group will > > be happy to add them to the white list if they contact us. > > > > This patch adds support for error codes 429 and 405 to Haproxy and a > > "deny_status XXX" option to "http-request deny" where you can specify which > > code is returned with 403 being the default. We really want to do this the > > "haproxy way" and hope to have this patch included in the mainline. We'll > > be happy address any feedback on how this is implemented. > > That's the good approach. At first glance your work looks fine. I'll review > it deeper probably tomorrow if time permits.
OK, the patch is clean, does the thing correctly and is properly documented. I've merged it. That's a good start for a first time :-) Next time however, please provide a real name as the author, that makes it easier to know who does what, and it's easier to recall people by their names than by aliases. Thanks! Willy
