Hi,

I'm implementing something similar to Cloudflare IUAM
(JavaScript-based client verification engaged under a layer 7 DDoS attack).

Is it normal that the http table's exp counter gets updated even if the src
address is whitelisted (sc1_get_gpc0(backend) > 0)?

Is it possible to force-expire an entry using an ACL?

Is it possible to define multiple stick tables storing gpc0 in a
single frontend? Right now it's using one from the frontend and one from
the backend, but how do I define sc2 without adding another backend?

Config follows:

backend backend
    stick-table type ip size 1m expire 10m store gpc0

    # ACLs are declared before the rules that reference them
    acl flag_fail sc0_inc_gpc0(http) ge 0
    acl flag_ok sc1_inc_gpc0(backend) ge 0
    acl rm_black src_clr_gpc0(http) ge 0

    acl whitelist sc1_get_gpc0(backend) gt 0

    acl blacklist_candidate sc0_get_gpc0(http) gt 0

    #send challenges if session rate > 500
    acl normal_rate be_sess_rate lt 500

    #checks if challenge response is correct
    acl cauth_ok cookie_auth

    tcp-request content track-sc1 src if !whitelist

    #add to whitelist if challenge response is correct
    http-request allow if whitelist or cauth_ok flag_ok rm_black

    #send javascript challenge
    http-request cookie_auth if !cauth_ok !normal_rate flag_fail
    http-request cookie_auth if !cauth_ok blacklist_candidate flag_fail

frontend http
    bind 0.0.0.0:8080

    stick-table type ip size 1m expire 20m store gpc0

    acl flag_fail sc0_inc_gpc0(http) ge 0

    acl blacklist sc0_get_gpc0(http) gt 500
    acl whitelist sc1_get_gpc0(backend) gt 0

    tcp-request connection track-sc0 src if !whitelist

    tcp-request connection reject if blacklist flag_fail

Thanks,
Michal Grzedzicki
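The third-table question above, as an added example that is not part of the original post: a stick table can live in a backend that has no servers and is never selected for routing, and track-sc2 plus the sc2_* fetches reach it through the table argument. The backend name challenge_tbl, the ACL names and the /__challenge_ok path are assumed.

```haproxy
# Dummy backend: holds only a stick table, receives no traffic (assumed name)
backend challenge_tbl
    stick-table type ip size 1m expire 20m store gpc0

frontend http
    bind 0.0.0.0:8080
    stick-table type ip size 1m expire 20m store gpc0

    # ACLs are declared before the rules that use them
    acl blacklist sc0_get_gpc0(http) gt 500
    acl flag_fail sc0_inc_gpc0(http) ge 0

    # sc2 counters are read/written in the dummy backend's table
    acl challenged sc2_get_gpc0(challenge_tbl) gt 0
    acl mark_challenged sc2_inc_gpc0(challenge_tbl) ge 0
    acl forget_challenged sc2_clr_gpc0(challenge_tbl) ge 0

    # Assumed placeholder: path the JS challenge answer is submitted to
    acl verify path_beg /__challenge_ok

    # sc0 tracks src in this frontend's own table, sc2 in the dummy
    # backend's table; no traffic is routed to challenge_tbl
    tcp-request connection track-sc0 src
    tcp-request connection track-sc2 src table challenge_tbl
    tcp-request connection reject if blacklist flag_fail

    # A correct answer clears the sc2 counter; an unanswered challenge
    # is counted once. Entries are never deleted by an ACL: a counter
    # can be cleared (sc2_clr_gpc0), but the entry itself only ages
    # out via the table's "expire" timer after its last update, or via
    # "clear table challenge_tbl key <ip>" on the stats socket.
    http-request allow if verify forget_challenged
    http-request deny if challenged
    http-request deny if mark_challenged
```

An sc1_* fetch evaluated before any track-sc1 rule has run for that session does not match, so a whitelist based on sc1_get_gpc0(backend) cannot be true at tcp-request connection time in the frontend, which is why every src still ends up tracked in sc0 there.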
