Hi Toni, On Sat, Aug 31, 2013 at 02:14:55PM +0300, Toni Mattila wrote: > Hi, > > I'm having issues implementing > http://blog.exceliance.fr/2013/04/26/wordpress-cms-brute-force-protection-with-haproxy/ > described configuration with dev19 due to what seems that following > construct doesn't work: > backend xyz > acl foo sc1_inc_gpc gt 0 > http-request deny if foo > > In the full example there is: > acl bruteforce_detection sc2_http_req_rate gt 5 > acl flag_bruteforce sc1_inc_gpc0 gt 0 > http-request deny if bruteforce_detection flag_bruteforce > > But that flag_bruteforce never gets positive.. if I remove that > flag_bruteforce from the http-request deny line it works.. but of course > then the frontend doesn't get that sc1_get_gpc0 counter.. > > Any ideas how I might debug this?
you should post your whole config and show some logs exhibiting the requests, because in the blog's example there are a number of conditions to track the request (eg: the request must be a POST to /wp-login.php, etc...). It is very likely that something in your test is different. Regards, Willy
