tcp-request content set-var(txn.stream_prio) src,map_ip(opt@stream_prio.map,1234)tcp-request content set-priority-class var(txn.stream_prio)

filter bwlim-in upload_src limit 60k key src table datastore/uploadtcp-request content set-var(txn.src_bwlim_in) src,map_ip(opt@src_bwlim_in.map,60k)tcp-request content set-bandwidth-limit upload_src limit-var var(txn.src_bwlim_in)filter bwlim-in upload_stream default-limit 30k default-period 1stcp-request content set-var(txn.stream_bwlim_in) base,map_reg(opt@stream_bwlim_in.map,30k)tcp-request content set-bandwidth-limit upload_stream limit-var var(txn.stream_bwlim_in)

filter bwlim-out download_src limit 60k key src table datastore/downloadtcp-response content set-var(txn.src_bwlim_out) src,map_ip(opt@src_bwlim_out.map,60k)tcp-response content set-bandwidth-limit download_src limit-var var(txn.src_bwlim_out)filter bwlim-out download_stream default-limit 30k default-period 1stcp-response content set-var(txn.stream_bwlim_out) base,map_reg(opt@stream_bwlim_out.map,30k)tcp-response content set-bandwidth-limit download_stream limit-var var(txn.stream_bwlim_out)

http-request set-var(txn.bw_src_in) src,map_ip(opt@bw_src_in.map,30k),regsub('[mkg]',)filter bwlim-in upload_ip10k limit 10k key src table datastore/uploadfilter bwlim-in upload_ip20k limit 20k key src table datastore/uploadfilter bwlim-in upload_ip30k limit 30k key src table datastore/uploadfilter bwlim-in upload_ip40k limit 40k key src table datastore/uploadfilter bwlim-in upload_ip50k limit 50k key src table datastore/uploadhttp-request set-bandwidth-limit upload_ip10k if { var(txn.bw_src_in) -m int le 15 }http-request set-bandwidth-limit upload_ip20k if { var(txn.bw_src_in) -m int gt 15 } { var(txn.bw_src_in) -m int le 25 }http-request set-bandwidth-limit upload_ip30k if { var(txn.bw_src_in) -m int gt 25 } { var(txn.bw_src_in) -m int le 35 }http-request set-bandwidth-limit upload_ip40k if { var(txn.bw_src_in) -m int gt 35 } { var(txn.bw_src_in) -m int le 45 }http-request set-bandwidth-limit upload_ip50k if { var(txn.bw_src_in) -m int gt 45 } { var(txn.bw_src_in) -m int le 55 }

http-request set-var(txn.bw_stream_in) base,map_reg(opt@bw_stream_in.map,30k),regsub('[mkg]',)filter bwlim-in upload_stream default-limit 30k default-period 1shttp-request set-bandwidth-limit upload_stream limit 10k if { var(txn.bw_stream_in) -m int le 15 }http-request set-bandwidth-limit upload_stream limit 20k if { var(txn.bw_stream_in) -m int gt 15 } { var(txn.bw_stream_in) -m int le 25 }http-request set-bandwidth-limit upload_stream limit 30k if { var(txn.bw_stream_in) -m int gt 25 } { var(txn.bw_stream_in) -m int le 35 }http-request set-bandwidth-limit upload_stream limit 40k if { var(txn.bw_stream_in) -m int gt 35 } { var(txn.bw_stream_in) -m int le 45 }http-request set-bandwidth-limit upload_stream limit 50k if { var(txn.bw_stream_in) -m int gt 45 } { var(txn.bw_stream_in) -m int le 55 }

HAProxy version 3.0.8-1 2025/01/29 - https://haproxy.org/Status: long-term supported branch - will stop receiving fixes around Q2 2029.Known bugs: http://www.haproxy.org/bugs/bugs-3.0.8.htmlRunning on: Linux 6.12.17-cloud-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.17-1 (2025-03-01) x86_64Build options :  TARGET  = linux-glibc  CC      = x86_64-linux-gnu-gcc  CFLAGS  = -O2 -g -fwrapv -g -O2 -Werror=implicit-function-declaration -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2  OPTIONS = USE_OPENSSL=1 USE_LUA=1 USE_SLZ=1 USE_SYSTEMD=1 USE_OT=1 USE_QUIC=1 USE_PROMEX=1 USE_PCRE2=1 USE_PCRE2_JIT=1 USE_QUIC_OPENSSL_COMPAT=1  DEBUG   =Feature list : -51DEGREES +ACCEPT4 +BACKTRACE -CLOSEFROM +CPU_AFFINITY +CRYPT_H -DEVICEATLAS +DL -ENGINE +EPOLL -EVPORTS +GETADDRINFO -KQUEUE -LIBATOMIC +LIBCRYPT +LINUX_CAP +LINUX_SPLICE +LINUX_TPROXY +LUA +MATH -MEMORY_PROFILING +NETFILTER +NS -OBSOLETE_LINKER +OPENSSL -OPENSSL_AWSLC -OPENSSL_WOLFSSL +OT -PCRE +PCRE2 +PCRE2_JIT -PCRE_JIT +POLL +PRCTL -PROCCTL +PROMEX -PTHREAD_EMULATION +QUIC +QUIC_OPENSSL_COMPAT +RT +SHM_OPEN +SLZ +SSL -STATIC_PCRE -STATIC_PCRE2 +SYSTEMD +TFO +THREAD +THREAD_DUMP +TPROXY -WURFL -ZLIBDefault settings :  bufsize = 16384, maxrewrite = 1024, maxpollevents = 200Built with multi-threading support (MAX_TGROUPS=16, MAX_THREADS=256, default=2).Built with OpenSSL version : OpenSSL 3.4.0 22 Oct 2024Running on OpenSSL version : OpenSSL 3.4.1 11 Feb 2025OpenSSL library supports TLS extensions : yesOpenSSL library supports SNI : yesOpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2 TLSv1.3OpenSSL providers loaded : defaultBuilt with Lua version : Lua 5.4.7Built with the Prometheus exporter as a serviceBuilt with network namespace support.Built with OpenTracing support.Built with libslz for stateless compression.Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBINDBuilt with PCRE2 version : 10.44 2024-06-07PCRE2 library supports JIT : yesEncrypted password support via crypt(3): yesBuilt with gcc compiler version 14.2.0Available polling systems :      epoll : pref=300,  test result OK       poll : pref=200,  test result OK     select : pref=150,  test result OKTotal: 3 (3 usable), will use epoll.Available multiplexer protocols :(protocols marked as <default> cannot be specified using 'proto' keyword)       quic : mode=HTTP  side=FE     mux=QUIC  flags=HTX|NO_UPG|FRAMED         h2 : mode=HTTP  side=FE|BE  mux=H2    flags=HTX|HOL_RISK|NO_UPG  <default> : mode=HTTP  side=FE|BE  mux=H1    flags=HTX         h1 : mode=HTTP  side=FE|BE  mux=H1    flags=HTX|NO_UPG       fcgi : mode=HTTP  side=BE     mux=FCGI  flags=HTX|HOL_RISK|NO_UPG  <default> : mode=TCP   side=FE|BE  mux=PASS  flags=       none : mode=TCP   side=FE|BE  mux=PASS  flags=NO_UPGAvailable services : prometheus-exporterAvailable filters :        [BWLIM] bwlim-in        [BWLIM] bwlim-out        [CACHE] cache        [COMP] compression        [FCGI] fcgi-app        [  OT] opentracing        [SPOE] spoe        [TRACE] trace