Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / f73cd1198f21d65e8c65dd9df67feacdcd980594^! / . / doc / configuration.txt
commitf73cd1198f21d65e8c65dd9df67feacdcd980594[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Sat Aug 13 01:45:16 2011 +0200
committerWilly Tarreau <w@1wt.eu>Sat Aug 13 01:45:16 2011 +0200
tree816abc29a104e9c6c2ac577b8e5201ce1136878d
parent927cdddf9cc1967f9b91b75e8783eb148df34297 [diff] [blame]
[MINOR] session-counters: add the ability to clear the counters

Sometimes it can be useful to reset a counter : one condition increments
it and another one resets it. It can be used to better detect abuses.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index ffa5c5f..41e8671 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -7231,6 +7231,23 @@
   counters, measured in amount of bytes over the period configured in the
   table. See also src_bytes_out_rate.
 
+sc1_clr_gpc0
+sc2_clr_gpc0
+  Clears the first General Purpose Counter associated to the currently tracked
+  counters, and returns its previous value. Before the first invocation, the
+  stored value is zero, so first invocation will always return zero. The test
+  can also be used alone and always returns true. This is typically used as a
+  second ACL in an expression in order to mark a connection when a first ACL
+  was verified :
+
+        # block if 5 consecutive requests continue to come faster than 10 sess
+        # per second, and reset the counter as soon as the traffic slows down.
+        acl abuse sc1_http_req_rate gt 10
+        acl kill  sc1_inc_gpc0 gt 5
+        acl save  sc1_clr_gpc0
+        tcp-request connection accept if !abuse save
+        tcp-request connection reject if abuse kill
+
 sc1_conn_cnt
 sc2_conn_cnt
   Returns the cumulated number of incoming connections from currently tracked
@@ -7346,6 +7363,23 @@
   amount of bytes over the period configured in the table. If the address is
   not found, zero is returned. See also sc1/sc2_bytes_out_rate.
 
+src_clr_gpc0 <integer>
+src_clr_gpc0(<table>) <integer>
+  Clears the first General Purpose Counter associated to the connection's
+  source IPv4 address in the current proxy's stick-table or in the designated
+  stick-table, and returns its previous value. If the address is not found, an
+  entry is created and 0 is returned. The test can also be used alone and
+  always returns true. This is typically used as a second ACL in an expression
+  in order to mark a connection when a first ACL was verified :
+
+        # block if 5 consecutive requests continue to come faster than 10 sess
+        # per second, and reset the counter as soon as the traffic slows down.
+        acl abuse src_http_req_rate gt 10
+        acl kill  src_inc_gpc0 gt 5
+        acl save  src_clr_gpc0
+        tcp-request connection accept if !abuse save
+        tcp-request connection reject if abuse kill
+
 src_conn_cnt <integer>
 src_conn_cnt(<table>) <integer>
   Returns the cumulated number of connections initiated from the current