On Wed, Jun 18, 2014 at 8:09 AM, Andrew Kroenert <[email protected]> wrote:
> Hey Guys,
>
> I'm trying to tarpit based on Unique IP and specific URL. I started with the
> following:
>
> listen web
>     ...
>     # Track IP over 60sec, if http_req rate greater than 20 AND page.html, send
>     # to new backend with tarpit only.
>     stick-table type ip size 1m expire 60s store gpc0,http_req_rate(60s)
>     tcp-request connection track-sc1 src
>     tcp-request connection reject if { src_get_gpc0 gt 0 }
>
>     acl ratelimiteIP src_http_req_rate ge 20
>     acl showPage path_end page.html
>     use_backend web-ratelimit if ratelimiteIP showPage
>
> backend web-ratelimit
>     mode http
>     fullconn 500
>
>     timeout tarpit 5s
>     reqitarpit .
>
>
> The above example works to a degree, but not what I was hoping for. I am
> only sending to a new backend to easily see results in the stats web page.
>
> The above example tracks all IP requests, and if the url matches page.html
> it blocks it (Example: 100x req to index.html and 1 req to page.html would
> trigger). I am hoping to track ONLY ip addresses going to a specific URL,
> not all in general.
>
> I then moved onto the following example:
>
> listen web
>     ...
>     acl showPage path_end page.html
>     acl ratelimitIP sc1_get_gpc0 ge 0
>     stick-table type binary len 20 size 500 store gpc0
>
>     tcp-request content track-sc1 url32+src if showPage
>     use_backend web-ratelimit if ratelimitIP
>
> backend web-ratelimit
>     mode http
>     fullconn 500
>
>     timeout tarpit 5s
>     reqitarpit .
>
> But this doesn't seem to track them correctly.
>
> Anyone have any pointers or a working config on url32+src? Would be greatly
> appreciated.
>
> Thanks
>
> Andrew

Hi Andrew,

You picked up your example from the blog post related to brute force protection.
In such a case you just want to protect a particular URL from being hit too much.
URL: http://blog.haproxy.com/2013/04/26/wordpress-cms-brute-force-protection-with-haproxy/

Now, if you explain your needs to us, we may be able to help you.

Baptiste
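
An added example, not from either poster or from the HAProxy project: one way to count only requests for page.html per client by keying the stick table on url32+src and storing a request rate instead of gpc0. The names `web` and `web-servers`, the bind port, the table size and the server address are assumptions; page.html, the 20 requests per 60s threshold, `len 20` and the 5s tarpit come from the thread.

```haproxy
# Added example. Proxy names, bind port, table size and server address are
# assumptions; thresholds and the showPage ACL are taken from the thread.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    timeout tarpit  5s        # how long a tarpitted request is held

frontend web
    bind :80

    # Key = 32-bit URL hash + source address (4 bytes + up to 16 for IPv6),
    # so "len 20" fits both IPv4 and IPv6 clients.
    stick-table type binary len 20 size 100k expire 60s store http_req_rate(60s)

    acl showPage path_end page.html

    # Only requests for page.html create or update an entry. Requests for
    # index.html and other URLs are never tracked, so they cannot push a
    # client over the limit.
    http-request track-sc1 url32+src if showPage

    # Request rate for this (URL, client) pair over the last 60 seconds.
    acl ratelimited sc1_http_req_rate ge 20

    # Hold the request for "timeout tarpit", then answer with an error.
    http-request tarpit if showPage ratelimited

    default_backend web-servers

backend web-servers
    server app1 192.0.2.10:8080   # placeholder address
```

`url32` hashes the Host header together with the whole URL including the query string, so requests that vary the query string land on separate table entries; `base32+src` hashes only Host and path if the parameters should be ignored.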

