mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-24 05:32:21 +00:00
c73ce2b111
Add the "backlog" parameter to frontends, to give hints to the system about the approximate listen backlog desired size. In order to protect against SYN flood attacks, one solution is to increase the system's SYN backlog size. Depending on the system, sometimes it is just tunable via a system parameter, sometimes it is not adjustable at all, and sometimes the system relies on hints given by the application at the time of the listen() syscall. By default, HAProxy passes the frontend's maxconn value to the listen() syscall. On systems which can make use of this value, it can sometimes be useful to be able to specify a different value, hence this backlog parameter.
23 lines
473 B
INI
23 lines
473 B
INI
# This is a test configuration.
|
|
# It is used to check that the backlog queue works as expected.
|
|
|
|
global
|
|
maxconn 200
|
|
stats timeout 3s
|
|
|
|
frontend backlog_def
|
|
mode http
|
|
timeout client 15s
|
|
maxconn 100
|
|
bind :8000
|
|
option httpclose
|
|
|
|
frontend backlog_max
|
|
mode http
|
|
timeout client 15s
|
|
maxconn 100
|
|
backlog 100000
|
|
bind :8001
|
|
option httpclose
|
|
|