06e76706c7
A new variable "haproxy_stick_table" is added which allows a custom stick-table to be supplied that is used as the default stick-table for all haproxy back-ends. In addition, the variable service.haproxy_stick_table can be defined for each service to allow a unique stick-table to be supplied for a particular service. The old default stick-table definition is removed as there was no use case defined for it in this role before. An example is added to defaults/main.yml to show how the custom stick-table can be used to rate-limit requests that generate 4xx responses which commonly occur during vulnerability scanning or credential stuffing attacks. There are many other uses for stick-tables, consult the HAProxy documentation for details. Change-Id: I50daba08c10f071157d6450ea2fa97df448f99ec
14 lines
615 B
YAML
14 lines
615 B
YAML
---
|
|
features:
|
|
- |
|
|
A new variable ``haproxy_stick_table`` can be defined to apply a
|
|
customised stick-table to all backends on the loadbalancer. In addition,
|
|
``haproxy_stick_table`` can be set in each service definition to have a
|
|
customised stick-table for a particular backend.
|
|
upgrade:
|
|
- |
|
|
A default stick-table was previously applied to all backends by default
|
|
but did not have any specific purpose. This is now removed, and the variable
|
|
``haproxy_stick_table`` should be used to supply a list of config lines
|
|
to be applied to each backend to control stick-table functionality.
|