Hi,

Now you can use a map for your needs. Maps can be manipulated via the
"stats socket". The identifier of the map is the file name:

   acl abuser src,map_ip_int(abusers.lst,0) -m int eq 1
   http-request tarpit if abuser

The file abusers.lst is an empty file, or contains the known blocked IPs.

While haproxy is running, you can block one IP address with this
command:

   echo "add map abusers.lst 10.0.3.7 1" | socat - unix:/tmp/haproxy

You can release the IP with this command:

   echo "del map abusers.lst 10.0.3.7" | socat - unix:/tmp/haproxy

For information, I'm actually working on dynamic ACL.

Thierry


On Sat, 11 Jan 2014 21:45:45 -0200
david rene comba lareu <[email protected]> wrote:

> Hi,
> 
> I'm trying to automate DDoS protection in our current server
> structure. Is there any way to load the ACL to block IPs through a
> file so I could update it via code? Do I need to restart/reload haproxy
> each time I add an IP?
> 
> I'm open to any suggestions if anyone has a better method for this.
> 
> Regards.
> 
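
An added example, not part of the original messages or of HAProxy: a script that automates the "add map" step from the reply above by counting requests per client address and emitting one command per offender. The threshold, the log format and the function names are assumptions; only IPv4 addresses are handled.

```shell
#!/bin/sh
# Added example: MAP and SOCK come from the message above; THRESHOLD and the
# log format ("<client-ip> <method> <path>") are assumptions. IPv4 only.
MAP="abusers.lst"
SOCK="/tmp/haproxy"
THRESHOLD=2

# Accept only a canonical dotted-quad address, so that text taken from logs
# never reaches the stats socket as anything other than a map key.
is_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NR > 1 || NF != 4 { bad = 1 }
        { for (i = 1; i <= NF; i++) if ($i !~ /^(0|[1-9][0-9]?[0-9]?)$/ || $i + 0 > 255) bad = 1 }
        END { exit bad + 0 }'
}

# Print every client address seen at least THRESHOLD times on stdin.
over_threshold() {
    awk -v t="$THRESHOLD" '{ n[$1]++ } END { for (ip in n) if (n[ip] >= t) print ip }' | sort
}

# Turn validated addresses into "add map" commands; report the rest on stderr.
build_cmds() {
    while IFS= read -r ip; do
        if is_ipv4 "$ip"; then
            printf 'add map %s %s 1\n' "$MAP" "$ip"
        else
            printf 'skipped invalid address: %s\n' "$ip" >&2
        fi
    done
}

# Send each command over its own connection, as in the message above.
send_cmds() {
    while IFS= read -r cmd; do
        printf '%s\n' "$cmd" | socat - "unix:$SOCK"
    done
}

sample_log() {   # constructed sample input
    printf '%s\n' '10.0.3.7 GET /login' '10.0.3.7 GET /login' '10.0.3.8 GET /' \
                  '10.0.3.999 GET /login' '10.0.3.999 GET /login'
}

# Dry run: print the commands. Append "| send_cmds" to apply them.
sample_log | over_threshold | build_cmds
```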
