On Sat, Sep 6, 2014 at 9:16 PM, PiBa-NL <piba.nl....@gmail.com> wrote: > Hi list, > > Inspired by a blog about wordpress bruteforce protection [0] , i'm trying to > use this same kind of method in a frontend/backend configuration. > I did change the method from POST to GET, for easier testing, but that > doesn't matter for retrieving the gpc counter, does it? > > So i was trying to use this: > tcp-request content track-sc1 base32+src if METH_GET login > > It however doesn't seem to work using HAProxy 1.5.3, the acl containing > "sc1_get_gpc0 gt 0" never seems to get the correct gpc0 value, even though i > have examined the stick-table and the gpc0 value there is increasing. > If i change it to the following it starts working: > tcp-request content track-sc1 base32+src > > Even though the use_backend in both cases checks those first criteria: > acl flagged_as_abuser sc1_get_gpc0 gt 0 > use_backend pb3_453_http if METH_GET wp_login flagged_as_abuser > > Am i doing something wrong, is the blog outdated, or was a bug introduced > somewhere? > > If more information perhaps -vv or full config is needed let me know, > thanks for any reply. > > p.s. did anyone get my other emails a while back? [1] > > Kind regards, > PiBa-NL > > [0] > http://blog.haproxy.com/2013/04/26/wordpress-cms-brute-force-protection-with-haproxy/ > [1] http://marc.info/?l=haproxy&m=140821298806125&w=2 >
Hi, Plese let us know if you have the following configuration lines (or equivalent), before your tracking rule: tcp-request inspect-delay 10s tcp-request accept if HTTP Baptiste