Hi, awesome ! thanks for the help, i'm gonna try it asap :D
Regards. 2014/1/15 Thierry FOURNIER <[email protected]>: > Hi, > > Now you can use map for your needs. The maps can be manipulated via the > "stats socket". The identifier of the map is the file name: > > acl abuser src,map_ip_int(abusers.lst,0) -m int eq 1 > http-request tarpit if abuser > > The file abusers.lst is empty file, or contain the known blocked IP. > > During the run of haproxy, you can block one ip addres with this > command: > > echo "add map abusers.lst 10.0.3.7 1" | socat - unix:/tmp/haproxy > > You can release the ip with this command: > > echo "del map abusers.lst 10.0.3.7" | socat - unix:/tmp/haproxy > > For information, I'm actually working on dynamic ACL. > > Thierry > > > On Sat, 11 Jan 2014 21:45:45 -0200 > david rene comba lareu <[email protected]> wrote: > >> Hi, >> >> i'm trying to automatize a DDoS protection into our current server >> structure, there is any way to load the ACL to block ip's through a >> file so i could update it via code? need to restart/reload haproxy >> each time i add an ip? >> >> i'm open to any suggestions if anyone has any better method for this. >> >> Regards. >>
