contrib/spoa_example/README - haproxy - Gitiles

 A Random IP reputation service acting as a Stream Processing Offload Agent
 --------------------------------------------------------------------------

 This is a very simple service that implement a "random" ip reputation
 service. It will return random scores for all checked IP addresses. It only
 shows you how to implement a ip reputation service or such kind of services
 using the SPOE.


   Start the service
 ---------------------

 After you have compiled it, to start the service, you just need to use "spoa"
 binary:

     $> ./spoa  -h
     Usage: ./spoa [-h] [-d] [-p <port>] [-n <num-workers>]
         -h                  Print this message
         -d                  Enable the debug mode
         -p <port>           Specify the port to listen on (default: 12345)
         -n <num-workers>    Specify the number of workers (default: 5)

 Note: A worker is a thread.


   Configure a SPOE to use the service
 ---------------------------------------

 All information about SPOE configuration can be found in "doc/SPOE.txt". Here is
 the configuration template to use for your SPOE:

     [ip-reputation]

     spoe-agent iprep-agent
         messages check-client-ip

         option var-prefix iprep

         timeout hello      100ms
         timeout idle       30s
         timeout processing 15ms

         use-backend iprep-backend

     spoe-message check-client-ip
         args src
         event on-client-session


 The engine is in the scope "ip-reputation". So to enable it, you must set the
 following line in a frontend/listener section:

     frontend my-front
         ...
         filter spoe engine ip-reputation config /path/spoe-ip-reputation.conf
 	....

 where "/path/spoe-ip-reputation.conf" is the path to your SPOE configuration
 file. The engine name is important here, it must be the same than the one used
 in the SPOE configuration file.

 IMPORTANT NOTE:
     Because we want to send a message on the "on-client-session" event, this
     SPOE must be attached to a proxy with the frontend capability. If it is
     declared in a backend section, it will have no effet.


 Because, in SPOE configuration file, we declare to use the backend
 "iprep-backend" to communicate with the service, you must define it in HAProxy
 configuration. For example:

     backend iprep-backend
         mode tcp
 	timeout server 1m
 	server iprep-srv 127.0.0.1:12345 check maxconn 5


 In reply to the "check-client-ip" message, this service will set the variable
 "ip_score" for the session, an integer between 0 and 100. If unchanged, the
 variable prefix is "iprep". So the full variable name will be
 "sess.iprep.ip_score".

 You can use it in ACLs to experiment the SPOE feature. For example:

     tcp-request content reject if { var(sess.iprep.ip_score) -m int lt 20 }

 With this rule, all IP address with a score lower than 20 will be rejected
 (Remember, this score is random).
	A Random IP reputation service acting as a Stream Processing Offload Agent
	--------------------------------------------------------------------------

	This is a very simple service that implement a "random" ip reputation
	service. It will return random scores for all checked IP addresses. It only
	shows you how to implement a ip reputation service or such kind of services
	using the SPOE.


	Start the service
	---------------------

	After you have compiled it, to start the service, you just need to use "spoa"
	binary:

	$> ./spoa -h
	Usage: ./spoa [-h] [-d] [-p <port>] [-n <num-workers>]
	-h Print this message
	-d Enable the debug mode
	-p <port> Specify the port to listen on (default: 12345)
	-n <num-workers> Specify the number of workers (default: 5)

	Note: A worker is a thread.


	Configure a SPOE to use the service
	---------------------------------------

	All information about SPOE configuration can be found in "doc/SPOE.txt". Here is
	the configuration template to use for your SPOE:

	[ip-reputation]

	spoe-agent iprep-agent
	messages check-client-ip

	option var-prefix iprep

	timeout hello 100ms
	timeout idle 30s
	timeout processing 15ms

	use-backend iprep-backend

	spoe-message check-client-ip
	args src
	event on-client-session


	The engine is in the scope "ip-reputation". So to enable it, you must set the
	following line in a frontend/listener section:

	frontend my-front
	...
	filter spoe engine ip-reputation config /path/spoe-ip-reputation.conf
	....

	where "/path/spoe-ip-reputation.conf" is the path to your SPOE configuration
	file. The engine name is important here, it must be the same than the one used
	in the SPOE configuration file.

	IMPORTANT NOTE:
	Because we want to send a message on the "on-client-session" event, this
	SPOE must be attached to a proxy with the frontend capability. If it is
	declared in a backend section, it will have no effet.


	Because, in SPOE configuration file, we declare to use the backend
	"iprep-backend" to communicate with the service, you must define it in HAProxy
	configuration. For example:

	backend iprep-backend
	mode tcp
	timeout server 1m
	server iprep-srv 127.0.0.1:12345 check maxconn 5


	In reply to the "check-client-ip" message, this service will set the variable
	"ip_score" for the session, an integer between 0 and 100. If unchanged, the
	variable prefix is "iprep". So the full variable name will be
	"sess.iprep.ip_score".

	You can use it in ACLs to experiment the SPOE feature. For example:

	tcp-request content reject if { var(sess.iprep.ip_score) -m int lt 20 }

	With this rule, all IP address with a score lower than 20 will be rejected
	(Remember, this score is random).