mirrors/haproxy
1
0
Fork 0
mirror of https://git.haproxy.org/git/haproxy.git/ synced 2025-08-07 15:47:01 +02:00
Code Issues Projects Releases Wiki Activity
c3bd972cda
haproxy/include/types
History
Willy Tarreau c3bd972cda [MINOR] session-counters: add a general purpose counter (gpc0) 
This counter may be used to track anything. Two sets of ACLs are available
to manage it, one gets its value, and the other one increments its value
and returns it. In the second case, the entry is created if it did not
exist.

Thus it is possible for example to mark a source as being an abuser and
to keep it marked as long as it does not wait for the entry to expire :

	# The rules below use gpc0 to track abusers, and reject them if
	# a source has been marked as such. The track-counters statement
	# automatically refreshes the entry which will not expire until a
	# 1-minute silence is respected from the source. The second rule
	# evaluates the second part if the first one is true, so GPC0 will
	# be increased once the conn_rate is above 100/5s.
	stick-table type ip size 200k expire 1m store conn_rate(5s),gpc0
	tcp-request track-counters src
	tcp-request reject if { trk_get_gpc0 gt 0 }
	tcp-request reject if { trk_conn_rate gt 100 } { trk_inc_gpc0 gt 0}

Alternatively, it is possible to let the entry expire even in presence of
traffic by swapping the check for gpc0 and the track-counters statement :

	stick-table type ip size 200k expire 1m store conn_rate(5s),gpc0
	tcp-request reject if { src_get_gpc0 gt 0 }
	tcp-request track-counters src
	tcp-request reject if { trk_conn_rate gt 100 } { trk_inc_gpc0 gt 0}

It is also possible not to track counters at all, but entry lookups will
then be performed more often :

	stick-table type ip size 200k expire 1m store conn_rate(5s),gpc0
	tcp-request reject if { src_get_gpc0 gt 0 }
	tcp-request reject if { src_conn_rate gt 100 } { src_inc_gpc0 gt 0}

The '0' at the end of the counter name is there because if we find that more
counters may be useful, other ones will be added.
2010-08-10 18:04:14 +02:00
..
acl.h [CLEANUP] acl: use 'L6' instead of 'L4' in ACL flags relying on contents 2010-06-14 10:53:09 +02:00
auth.h [BUILD] auth: don't use unnamed unions 2010-02-02 11:28:20 +01:00
backend.h [MEDIUM] backend: implement consistent hashing variation 2009-10-09 07:17:58 +02:00
buffers.h [MEDIUM] session: support "tcp-request content" rules in backends 2010-08-10 14:10:58 +02:00
capture.h [MAJOR] last bunch of capture changes for mempool v2 2007-05-13 22:46:04 +02:00
checks.h [MEDIUM] Decrease server health based on http responses / events, version 3 2009-12-16 00:29:27 +01:00
counters.h [MINOR] frontend: count denied TCP requests separately 2010-06-14 10:53:20 +02:00
fd.h [MEDIUM] fd: merge fd_list into fdtab 2009-10-18 08:20:26 +02:00
freq_ctr.h [MINOR] freq_ctr: add new types and functions for periods different from 1s 2010-08-10 14:01:09 +02:00
global.h [MEDIUM] http: revert to use a swap buffer for realignment 2010-02-26 11:12:27 +01:00
hdr_idx.h [BUG] files were missing for hdr_idx in previous commit 2006-12-04 02:20:02 +01:00
httperr.h [MAJOR] udpated the stats page to clearly distinguish FEs and BEs 2007-01-01 21:38:07 +01:00
lb_chash.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fwlc.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_fwrr.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
lb_map.h [CLEANUP] proxy: move last lb-specific bits to their respective files 2009-10-03 18:41:18 +02:00
log.h [BUILD] fix build on AIX due to recent log changes 2007-12-05 11:11:55 +01:00
pattern.h [CLEANUP] stick_table: add/clarify some comments 2010-06-14 15:10:23 +02:00
pipe.h [MEDIUM] introduce pipe pools 2009-01-25 13:49:53 +01:00
port_range.h [MEDIUM] add support for binding to source port ranges during connect 2009-06-10 12:23:32 +02:00
proto_http.h [MINOR] add the "ignore-persist" option to conditionally ignore persistence 2010-04-25 22:37:14 +02:00
proto_tcp.h [MAJOR] session: add track-counters to track counters related to the session 2010-08-10 18:04:12 +02:00
protocols.h [MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set 2010-06-14 10:53:13 +02:00
proxy.h [MINOR] proxy: add a "parent" member to the structure 2010-07-13 16:24:48 +02:00
queue.h [MAJOR] ported pendconn to mempools v2 2007-05-13 20:19:55 +02:00
server.h [MEDIUM] add ability to connect to a server from an IP found in a header 2010-03-30 10:39:43 +02:00
session.h [MAJOR] session: add track-counters to track counters related to the session 2010-08-10 18:04:12 +02:00
signal.h [MINOR] add basic signal handling functions 2009-05-10 09:24:23 +02:00
stick_table.h [MINOR] session-counters: add a general purpose counter (gpc0) 2010-08-10 18:04:14 +02:00
stream_interface.h [MEDIUM] stream-interface: add a ->release callback 2010-07-13 16:06:23 +02:00
task.h [MEDIUM] build: switch ebtree users to use new ebtree version 2009-10-26 21:10:04 +01:00
template.h [CLEANUP] included common/version.h everywhere 2006-06-29 18:54:54 +02:00