Hi,

I make use of track-sc, however it did not work as I would like:

So this is my Layer 3 code for SRC-IP:
```
frontend https
        maxconn 100000
        bind ipv4@:443,ipv6@:443 mss 1280 ssl crt /etc/haproxy/ssl/default.pem crt /etc/haproxy/ssl/ verify none alpn h2,http/1.1

        # Track connection rate per IP in the defined table
        tcp-request connection track-sc2 src table limit_src

        # Define an ACL for rate limiting (750 connections per second per IP)
        acl conn_rate_exceeded sc_conn_cur(2,limit_src) gt 10

        # Drop only excessive connections (above 750/sec), allow others
        tcp-request connection reject if conn_rate_exceeded

....
backend limit_src
       stick-table type ipv6 size 64k expire 1m store conn_cur

```

My goal is to allow a continuous request flow toward /<username>/ so
that users can access public profiles, but prevent excessive requests
from multiple source IPs overwhelming a single profile.

Thanks,
Ansgar

On Tue, 11 Feb 2025 at 09:08, Willy Tarreau <w...@1wt.eu> wrote:
>
> Hi Ansgar,
>
> On Tue, Feb 11, 2025 at 08:49:29AM +0100, Ansgar Jazdzewski wrote:
> > Hi Folks,
> >
> > I'm looking for a way to count the number of in-flight operations per
> > user (extracted from the URL path) and store that value in a variable.
> > My goal is to track and enforce a per-user concurrency limit using
> > HAProxy's stick tables and GPC.
> >
> > My approach is to use a GPC counter, incrementing it on request and
> > decrementing it when the response is sent.
> >
> > Draft configuration:
> > ```
> > frontend http-in
> >     bind *:80
> >
> >     stick-table type string size 1m expire 10m store gpc0
> >     http-request set-var(txn.user) path,regsub(^/([^/]+)/.*$,\1)
> >     http-request track-sc0 var(txn.user)
> >
> >     # Increase in-flight counter
> >     http-request set-var(txn.gpc0) sc_inc_gpc0()
> >
> >     # Limit concurrent requests per user to 5
> >     acl user_over_limit sc_get_gpc0() gt 5
> >     http-request deny if user_over_limit
> >
> >     # Decrease in-flight counter when response is sent
> >     http-response set-var(txn.gpc0) sc_dec_gpc0()
> >     ...
> > ```
> >
> > However, sc_dec_gpc0() does not seem to be implemented yet. Do you
> > think such a function is needed, or is there another approach I could
> > take to track in-flight operations per user effectively?
>
> There is something much simpler. Please have a look at sc_trackers(). It
> returns the number of active "track-sc" on a given entry. I think it does
> exactly what you're looking for, without requiring you to increment or
> decrement a counter.
>
> Regards,
> Willy
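
A sketch of the sc_trackers() approach suggested in the reply, written as an added example that is not part of the original thread and not HAProxy project code. The table name `st_user`, the backend `app`, the server address and the 429 status are assumptions; the limit of 5 is taken from the draft configuration quoted above.

```haproxy
# Added sketch; st_user, app and the server address are assumed names/values.
frontend http-in
    mode http
    bind *:80

    # Key = first path segment: /alice/photos -> "alice".
    # Only track requests that actually match /<username>/...
    http-request track-sc0 path,field(2,/) table st_user if { path_reg ^/[^/]+/ }

    # sc_trackers() reads the entry's reference count: the number of streams
    # currently tracking this key, including the request being evaluated.
    # It drops by itself when a stream ends, so no decrement rule is needed.
    acl user_over_limit sc_trackers(0,st_user) gt 5
    http-request deny deny_status 429 if user_over_limit

    default_backend app

# Holds only the key; nothing needs to be stored for sc_trackers().
backend st_user
    stick-table type string len 64 size 1m expire 10m

backend app
    mode http
    server s1 127.0.0.1:8080   # placeholder address
```

The same count is visible per entry as the `use` value in the output of `show table st_user` on the stats socket, which helps when choosing the threshold.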

