Reference

set table

Add or update a record in a stick table.

Description

Use set table to add or update a record in a stick table, typically to flag a client manually and then block them.

Examples

Consider this real-world example that uses a stick-table to track clients that exceed a rate limit and bans clients that exceed the limit three times:

haproxy
frontend fe_main
    bind :80
    # define stick table
    stick-table type ip size 100k expire 24h store http_req_rate(5s),gpc0,gpt0
    # begin tracking requests where the key in the table
    # is the client's source IP
    http-request track-sc0 src
    # has the client exceeded 20 requests in 5 seconds?
    acl exceeds_rate_limit sc_http_req_rate(0) gt 20
    # flag them if they exceeded the limit
    http-request sc-set-gpt0(0) 1 if exceeds_rate_limit
    # if they exceeded the limit 3 times, mark them as a known speeder
    acl known_speeder sc_get_gpc0(0) ge 3
    # deny all clients that exceed the limit or are known speeders
    http-request deny deny_status 429 if exceeds_rate_limit || known_speeder
    # count each time they exceed the limit if they were flagged
    acl issue_speeding_ticket sc_get_gpt0(0) eq 1
    http-request sc-inc-gpc0(0) if issue_speeding_ticket
    # reset the flag
    http-request sc-set-gpt0(0) 0
    default_backend be_servers

  1. Use show table with the name of the table to display the records in that table.

    bash
    echo "show table fe_main" | \
    sudo socat stdio tcp4-connect:127.0.0.1:9999
    output
    # table: fe_main, type: ip, size:102400, used:1
    0x5641b364f7e8: key=192.168.50.19 use=0 exp=86398242 gpt0=0 gpc0=3 http_req_rate(5000)=5
    0x5641b364f7e8: key=192.168.50.24 use=0 exp=86398220 gpt0=0 gpc0=1 http_req_rate(5000)=5
    0x5641b364f7e8: key=192.168.50.30 use=0 exp=86398250 gpt0=0 gpc0=0 http_req_rate(5000)=5

    Here, it lists records in the table fe_main.

  2. Use set table to manually set the gpt0 counter to 1 and the gpc0 counter to 3 for the client with the IP address 192.168.50.30.

    Prefix the name of each counter that you want to set with data. (for example, data.gpt0):

    bash
    echo "set table fe_main key 192.168.50.30 data.gpt0 1 data.gpc0 3" | \
    sudo socat stdio tcp4-connect:127.0.0.1:9999
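
The two steps above can be wrapped in helpers that validate the key before it reaches the Runtime API and that read show table output to find clients already counted as known speeders. This is an added example, not part of the original page or of HAProxy's own tooling; the function names and the sample table are constructed for illustration.

```sh
# Added example, not HAProxy tooling; function names are hypothetical.
# Constructed sample modelled on the show table output above.
SAMPLE='# table: fe_main, type: ip, size:102400, used:3
0x5641b364f7e8: key=192.168.50.19 use=0 exp=86398242 gpt0=0 gpc0=3 http_req_rate(5000)=5
0x5641b364f8a0: key=192.168.50.24 use=0 exp=86398220 gpt0=0 gpc0=1 http_req_rate(5000)=5
0x5641b364f958: key=192.168.50.30 use=0 exp=86398250 gpt0=0 gpc0=0 http_req_rate(5000)=5'

# Succeed only for a single-line dotted-quad IPv4 address, so a key can never
# carry ";", which the Runtime API treats as a command separator, or a line break.
valid_ipv4() {
  printf '%s\n' "$1" | awk -F. '
    NR > 1 || NF != 4 { bad = 1 }
    { for (i = 1; i <= NF; i++)
        if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i + 0 > 255) bad = 1 }
    END { exit bad ? 1 : 0 }'
}

# Print the set table command that flags <ip> in <table> with the values used
# on this page (gpt0=1, gpc0=3); print nothing and return 1 on bad input.
flag_cmd() {
  case $1 in ''|*[!A-Za-z0-9_.-]*) echo "bad table name" >&2; return 1 ;; esac
  valid_ipv4 "$2" || { echo "bad key" >&2; return 1; }
  printf 'set table %s key %s data.gpt0 1 data.gpc0 3\n' "$1" "$2"
}

# Read show table output on stdin; print each key whose gpc0 is at least $1.
keys_with_gpc0_ge() {
  awk -v min="$1" '/^0x/ {
    key = ""; n = -1
    for (i = 2; i <= NF; i++) {
      if ($i ~ /^key=/)  key = substr($i, 5)
      if ($i ~ /^gpc0=/) n = substr($i, 6) + 0
    }
    if (key != "" && n >= min) print key
  }'
}

# Offline demonstration on the constructed sample.
printf '%s\n' "$SAMPLE" | keys_with_gpc0_ge 3
flag_cmd fe_main 192.168.50.30
# Against a live instance (address and port as used on this page):
#   flag_cmd fe_main 192.168.50.30 | sudo socat stdio tcp4-connect:127.0.0.1:9999
```

Running show table again after the command is sent and piping its output through keys_with_gpc0_ge 3 confirms that the flagged address now meets the known_speeder threshold.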
