Black Friday black out protection with HAProxy

The media industry had lots of fun at the expense of e-commerce outlets on Black Friday mercilessly reporting on site crashes and outages .

My wife yelled that I needed to ‘fix the Internet’ when would not respond immediately to her demands on Friday evening. However on closer inspection i.e. reading the page Agros was handling the situation in a very fair and simple way.

The holding page displayed apologised because the site was very busy, and within about 2 minutes it let her into the web site to start shopping (nice little Javascript re-direct built into the sorry we are busy page).

If you need to implement this kind of functionality for your e-commerce site then it is pretty simple to do with the appliance:

What we basically need to do is track the number of valid users shopping on the web site with an application cookie, and set a limit on the total number we think our application can safely handle.
For this configuration we are setting the limit at 5000 users over a 10 minute period (you don’t want to time people out when they spend 5 minutes just looking for their credit card!).

On the appliance v7.6.3 you would configure this VIP as a Layer 7 Manual Configuration; this new functionality ensures that you have complete control of the configuration file and yet the system overview still shows the servers and allows you to you to control them.

Back to the actual configuration (heavily borrowed from HAProxy Over Usage Protection)

listen L7-Testbind transparentmode http acl maxcapacity table_cnt ge 5000acl knownuser hdr_sub(cookie) PHPSESSIDhttp-request deny if maxcapacity !knownuser # define a stick-table with at most 5K entries# cookie value would be cleared from the table if not used for 10 mstick-table type string len 32 size 5K expire 10m nopurge peers loadbalancer_replication# Use the applications own php session id to track users - you could track users who are in the shopping basket with a different cookie....stick store-response set-cookie(PHPSESSID)stick store-request cookie(PHPSESSID) # Lets use the built in fallback page - you can edit this with a nice holding message and javascript re-direct after timeout.errorfile 403 /usr/share/nginx/html/index.html balance leastconn# We can use our own internal cookies for session tracking per server as well.cookie SERVERID insert nocache server backup backup non-stickoption http-keep-aliveoption forwardforoption redispatchoption abortonclosemaxconn 40000server Test1 weight 100 cookie Test1server Test2 weight 100 cookie Test2


I think this is a very powerful and useful feature for any e-commerce site trying to deal with Black Friday type events.

Interestingly enough most of the people I talk to disagree with me and say that these sites should have invested more money in capacity to avoid the massive loss of face and bad publicity…

But just how much would that cost?

And is it even achievable if your database is overloaded? (without a complete architecture re-design) we are not all Amazon after all.

I used to manage the IT infrastructure for way back in 2003 and recall implementing this kind of fix at the application layer for the Valentines day rush.
We were very close to losing the site from the sheer volume of people trying to do last minute valentine flower orders. If we had not done the fix then the site would have collapsed and 25,000 pre-ordered bunches of roses would have gone to waste.


You Can Learn More About the’s Product Line By Going to

The original article/video can be found at Black Friday black out protection with HAProxy

Leave a Reply

%d bloggers like this: