Can haproxy load-balance by referrer URL? (filtering a Slashdot scenario)
I have a poorly performing web app that will be massively scaled out to cope with the weight of the internet.
Haproxy will be used to farm out the stateless web requests to many servers. However, there's still a limit to the traffic that can come and I'd like to prioritise genuine users.
Can haproxy be configured to send traffic from a particular referrer URL to a particular box?
E.g. if the deployment's gateway is mentioned in a news article I can redirect traffic from that article to a fast static HTML site saying something on the lines of "thank you for you interest, here's some info."?
If this is possible, perhaps someone could share a relevant snippet from the configuration file.
Solution 1:
Yes, it can. From the documentation,
hdr_dir
hdr_dir(header)
Returns true when one of the headers contains one of the strings either isolated or delimited by slashes. This is used to perform filename or directory name matching, and may be used with Referer. See "hdr" for more information on header matching.
So you can check hdr_dir(referer) to see if it matches a particular path, and if it does, set a flag, and then send traffic to various destinations based on that flag.
acl slashdot hdr_dir(referer) -i /some/path
use_backend cluster1 if slashdot
use backend cluster2 if !slashdot
backend cluster1
server servera 192.168.0.50:80
backend cluster2
server serverb 192.168.0.51:80
Untested.
Solution 2:
I came across this post, which talks about using a setup along these lines:
acl invalid_referer hdr_sub(referer) -i -f /etc/haproxy/banned.haproxy.conf
block if invalid_referer
It should return a 403 to the block referral traffic. You should be able to amend the config to handle the traffic differently (i.e. pass to a different backed)