Skip to content

Rate limiting via socket #899

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
Dariquest wants to merge 2 commits into
base: master
Choose a base branch
from
+12 −8
Draft

Rate limiting via socket #899

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
a96942a
Rate limiting via socket
Dariquest Apr 20, 2026
9f59217
Rate limiting via socket
Dariquest Apr 20, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 12 additions & 8 deletions jobs/haproxy/templates/haproxy.config.erb
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -319,6 +319,14 @@ global
<%- if backend_match_http_protocol && backends.length == 2 -%>
set-var proc.h2_alpn_tag str(h2)
<%- end -%>
<%- if_p("ha_proxy.connections_rate_limit.table_size", "ha_proxy.connections_rate_limit.window_size") do -%>
<%- if_p("ha_proxy.connections_rate_limit.connections") do |connections| -%>
set-var proc.conn_rate_limit int(<%= connections %>)
<%- end -%>
<%- if_p("ha_proxy.connections_rate_limit.block") do |block| -%>
set-var proc.conn_rate_limit_enabled bool(<%= block ? 1 : 0 %>)
<%- end -%>
<%- end -%>
<%- if p("ha_proxy.always_allow_body_http10") %>
h1-accept-payload-with-any-method
<%- end %>
Expand Down Expand Up @@ -432,10 +440,8 @@ frontend http-in
tcp-request connection reject if layer4_block
<%- if_p("ha_proxy.connections_rate_limit.table_size", "ha_proxy.connections_rate_limit.window_size") do -%>
tcp-request connection track-sc0 src table st_tcp_conn_rate
<%- if_p("ha_proxy.connections_rate_limit.block", "ha_proxy.connections_rate_limit.connections") do |block, connections| -%>
<%-if block -%>
tcp-request connection reject if { sc_conn_rate(0) gt <%= connections %> }
<%- end -%>
<%- if_p("ha_proxy.connections_rate_limit.connections") do -%>
tcp-request connection reject if { var(proc.conn_rate_limit_enabled) -m bool } { sc_conn_rate(0),sub(proc.conn_rate_limit) gt 0 }
<%- end -%>
<%- end -%>
<%- if_p("ha_proxy.requests_rate_limit.table_size", "ha_proxy.requests_rate_limit.window_size") do -%>
Expand Down Expand Up @@ -566,10 +572,8 @@ frontend https-in
tcp-request connection reject if layer4_block
<%- if_p("ha_proxy.connections_rate_limit.table_size", "ha_proxy.connections_rate_limit.window_size") do -%>
tcp-request connection track-sc0 src table st_tcp_conn_rate
<%- if_p("ha_proxy.connections_rate_limit.block", "ha_proxy.connections_rate_limit.connections") do |block, connections| -%>
<%-if block -%>
tcp-request connection reject if { sc_conn_rate(0) gt <%= connections %> }
<%- end -%>
<%- if_p("ha_proxy.connections_rate_limit.connections") do -%>
tcp-request connection reject if { var(proc.conn_rate_limit_enabled) -m bool } { sc_conn_rate(0),sub(proc.conn_rate_limit) gt 0 }
<%- end -%>
<%- end -%>
<%- if_p("ha_proxy.requests_rate_limit.table_size", "ha_proxy.requests_rate_limit.window_size") do -%>
Expand Down