On Tue, Feb 11, 2025 at 09:50:33AM +0100, Ansgar Jazdzewski wrote:
> Hi,
>
> I make use of track-sc, however it did not work as I'd like it to:
>
> so this is my Layer3 code for SRC-IP
> ```
> frontend https
>     maxconn 100000
>     bind ipv4@:443,ipv6@:443 mss 1280 ssl crt /etc/haproxy/ssl/default.pem crt /etc/haproxy/ssl/ verify none alpn h2,http/1.1
>
>     # Track connection rate per IP in the defined table
>     tcp-request connection track-sc2 src table limit_src
>
>     # Define an ACL for rate limiting (750 connections per second per IP)
>     acl conn_rate_exceeded sc_conn_cur(2,limit_src) gt 10
>
>     # Drop only excessive connections (above 750/sec), allow others
>     tcp-request connection reject if conn_rate_exceeded
>
> ....
> backend limit_src
>     stick-table type ipv6 size 64k expire 1m store conn_cur
>
> ```
>
> My goal is to allow a continuous request flow toward /<username>/ so
> that users can access public profiles, but prevent excessive requests
> from multiple source IPs overwhelming a single profile.

But did you actually *look* at sc_trackers() that I suggested in my
response? I'm not seeing it in your configuration so I doubt you've
tested it.

Also please don't top-post, that makes it very inconvenient to comment
(and usually it encourages skipping important information).

Thanks,
Willy