I am using HAProxy 2.8.5 Community Edition to load balance my API.
Right now I am using rate limit rules in each backend section. What I do is track each source IP and limit each source IP that exceeds 100 rps.
So my backend configuration looks like this:
    backend be1
        fullconn 2000                           # Connections limit for this backend
        mode http
        balance leastconn                       # Distribute requests to the server with the least connections
        option httpchk GET /health              # Health check: GET /health
        http-check expect status 200            # Expect 200 OK response
        http-check expect string Healthy        # Expect body to contain "Healthy"

        # Create a stick-table to store data about client IPs. It holds 50,000 entries.
        # Each entry expires after 1 second of inactivity. It is configured to store and
        # track the rate of HTTP requests over a 1-second window.
        stick-table type ip size 50k expire 1s store http_req_rate(1s)

        # ========= RATE LIMIT ACLs (MUST BE BEFORE "http-request track-sc0 src" LINE) =========
        acl example_path path_beg /example

        # ========= RATE LIMIT RULES. (MUST BE BEFORE "http-request track-sc0 src" LINE) =========
        http-request return status 299 content-type "text/plain" lf-string "Rate limit exceeded." if { src,table_http_req_rate() gt 99 } example_path

        # For every incoming HTTP request, track the client's source IP ('src')
        # in counter #0 ('sc0') of the stick-table.
        http-request track-sc0 src

        # Servers handle live traffic on port 80, health checks on port 8108
        server backend1 10.0.10.57:80 check port 8108
        server backend2 10.0.10.63:80 check port 8108
        server backend3 10.0.10.64:80 check port 8108

This scenario works only if this backend is receiving requests from 1 source IP only. If multiple IPs are sending the requests, it is problematic.
So what I need is for each passing second to count all incoming requests for this backend, and if 100 rps is exceeded then apply the rate limit rule, no matter how many source IPs are sending the requests.
Any ideas?
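
The following is an added example, not part of the original post: one way to get a backend-wide limit is to track every request under a single constant key, so the stored rate is the backend total instead of a per-client figure. The table-only backend name `be1_total`, the constant key `int(1)` and the use of counter `sc1` are assumptions of this sketch; the thresholds, paths and servers are copied from the post.

```haproxy
# Table-only backend (no servers): holds one row with the aggregate request rate.
# "be1_total" is a hypothetical name chosen for this example.
backend be1_total
    stick-table type integer size 1 expire 10s store http_req_rate(1s)

backend be1
    mode http
    balance leastconn
    option httpchk GET /health
    http-check expect status 200

    # Per-client table from the post (key = source IP), kept so a single
    # noisy client is still limited before it consumes the shared budget.
    stick-table type ip size 50k expire 1s store http_req_rate(1s)

    acl example_path path_beg /example

    # Aggregate limit: look up the constant key 1 in be1_total. Every request
    # is tracked under that key below, so this is the rate for the whole
    # backend regardless of how many source IPs are sending.
    http-request return status 299 content-type "text/plain" lf-string "Rate limit exceeded." if { int(1),table_http_req_rate(be1_total) gt 99 } example_path

    # Per-client limit, unchanged from the post.
    http-request return status 299 content-type "text/plain" lf-string "Rate limit exceeded." if { src,table_http_req_rate() gt 99 } example_path

    # Tracking stays after the limit rules, as in the post, so requests that
    # were answered with 299 are not added to either counter.
    http-request track-sc0 src
    http-request track-sc1 int(1) table be1_total

    server backend1 10.0.10.57:80 check port 8108
    server backend2 10.0.10.63:80 check port 8108
    server backend3 10.0.10.64:80 check port 8108
```

Running `haproxy -c -f <file>` validates the syntax, and `show table be1_total` on the runtime API (stats socket) shows the aggregate `http_req_rate` under load.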