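I need to allow users to access the backend over TCP only if their IP is present in the stick table (mock-backend-xxx). Is it possible to disconnect a user's TCP session when the stick-table entry expires or is deleted? The stick table is updated from another service via socat.

This is my backend/frontend configuration so far: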

frontend frontend-xxx
    mode tcp
    default_backend backend-xxx
    bind :30011
    acl is_allowed src_get_gpc0(mock-backend-xxx) eq 1
    tcp-request connection reject if !is_allowed
    tcp-request content reject if !is_allowed
    tcp-request session reject if !is_allowed

backend backend-xxx
    mode tcp
    balance roundrobin
    option tcp-check
    acl is_allowed src_get_gpc0(mock-backend-xxx) eq 1
    tcp-request inspect-delay 2s
    tcp-request content reject if !is_allowed
    server server1 10.10.10.10:30011 check

backend mock-backend-xxx
    stick-table type ip size 16m expire 60s store gpc0 peers global-peers
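
The socat-based table update mentioned in the question, as an added example that is not part of the original post: it builds HAProxy Runtime API commands for the mock-backend-xxx table and validates the key first, because the socket accepts several commands separated by `;`. The socket path and the function names are assumptions.

```sh
#!/bin/sh
# Added example: validated stick-table updates over the HAProxy Runtime API.
HAPROXY_SOCK="${HAPROXY_SOCK:-/var/run/haproxy.sock}"  # assumed socket path
TABLE="mock-backend-xxx"                               # table name from the config above

# Return 0 only for a dotted-quad IPv4 address with every octet in 0..255.
# Anything else (spaces, ';', newlines, letters) is refused, so a caller-supplied
# key can never append a second command to the line sent to the socket.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                     # split on dots; only digits and dots remain here
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the Runtime API command for an action, or fail without printing one.
build_cmd() {
    action=$1 ip=$2
    valid_ipv4 "$ip" || { echo "rejected key: not an IPv4 address" >&2; return 1; }
    case $action in
        allow)  printf 'set table %s key %s data.gpc0 1\n' "$TABLE" "$ip" ;;
        revoke) printf 'clear table %s key %s\n' "$TABLE" "$ip" ;;
        show)   printf 'show table %s key %s\n' "$TABLE" "$ip" ;;
        *)      echo "unknown action: $action" >&2; return 1 ;;
    esac
}

# Send one validated command to the socket (hypothetical wrapper, needs socat).
send_cmd() {
    cmd=$(build_cmd "$@") || return 1
    printf '%s\n' "$cmd" | socat stdio "UNIX-CONNECT:$HAPROXY_SOCK"
}
```

Typical calls are `send_cmd allow 192.0.2.10` to create or refresh an entry with gpc0 set to 1 and `send_cmd revoke 192.0.2.10` to delete it.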