On Sun, Sep 7, 2014 at 2:55 PM, PiBa-NL <[email protected]> wrote:
> Hi Baptiste,
>
> Thanks that fixes my issue indeed with the following:
>       tcp-request inspect-delay 10s
>       tcp-request content track-sc1  base32+src  if METH_GET wp_login
>       tcp-request content accept if HTTP
>
> I didn't think about inspect-delay because both frontend and backend are
> using 'mode http', and i only used to use inspect-delay with frontends using
> tcp mode. Though maybe the 'tcp-request' should have given me that hint. The
> 'accept' must be below the 'track-sc1' to make it work.
>
> Could you perhaps also add this to the blog article, or should i post a
> comment under it for other people to not fall into the same mistake?
>
> Thanks,
> PiBa-NL
>
> Baptiste wrote on 7-9-2014 11:38:
>
>> On Sat, Sep 6, 2014 at 9:16 PM, PiBa-NL <[email protected]> wrote:
>>>
>>> Hi list,
>>>
>>> Inspired by a blog about wordpress bruteforce protection [0] , i'm trying
>>> to use this same kind of method in a frontend/backend configuration.
>>> I did change the method from POST to GET, for easier testing, but that
>>> doesn't matter for retrieving the gpc counter, does it?
>>>
>>> So i was trying to use this:
>>> tcp-request content track-sc1  base32+src  if METH_GET login
>>>
>>> It however doesn't seem to work using HAProxy 1.5.3, the acl containing
>>> "sc1_get_gpc0 gt 0" never seems to get the correct gpc0 value, even
>>> though i have examined the stick-table and the gpc0 value there is
>>> increasing.
>>> If i change it to the following it starts working:
>>> tcp-request content track-sc1  base32+src
>>>
>>> Even though the use_backend in both cases checks those first criteria:
>>> acl flagged_as_abuser        sc1_get_gpc0 gt 0
>>> use_backend            pb3_453_http if METH_GET wp_login flagged_as_abuser
>>>
>>> Am i doing something wrong, is the blog outdated, or was a bug introduced
>>> somewhere?
>>>
>>> If more information perhaps -vv or full config is needed let me know,
>>> thanks for any reply.
>>>
>>> p.s. did anyone get my other emails a while back? [1]
>>>
>>> Kind regards,
>>> PiBa-NL
>>>
>>> [0] http://blog.haproxy.com/2013/04/26/wordpress-cms-brute-force-protection-with-haproxy/
>>> [1] http://marc.info/?l=haproxy&m=140821298806125&w=2
>>>
>>
>> Hi,
>>
>> Please let us know if you have the following configuration lines (or
>> equivalent), before your tracking rule:
>>    tcp-request inspect-delay 10s
>>    tcp-request accept if HTTP
>>
>> Baptiste
>
>

Hi,

Article updated.

Baptiste
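
The rule ordering this thread settles on, written out as an added example (it is not configuration posted by either participant or taken from the blog article). The proxy names fe_web, bk_wordpress and bk_abuse, the server address and the stick-table sizing are assumptions; how gpc0 gets incremented is not shown in the thread and is left out here.

```haproxy
# Added example (constructed). Hypothetical names: fe_web, bk_wordpress,
# bk_abuse; 192.0.2.10 is a documentation address.
frontend fe_web
    mode http
    bind :80

    acl wp_login path_beg -i /wp-login.php

    # base32+src is a 4-byte hash plus the source address (up to 16 bytes
    # for IPv6), so a 20-byte binary key holds it. Sizing is an assumption.
    stick-table type binary len 20 size 500 store gpc0

    # 1. Give HAProxy time to receive a full HTTP request before the
    #    tcp-request content rules reach a verdict. Without a delay the
    #    verdict is taken on whatever bytes have arrived, so a condition
    #    such as "METH_GET wp_login" may not be evaluable yet.
    tcp-request inspect-delay 10s

    # 2. Track before accepting. "accept" ends evaluation of the
    #    tcp-request content rules, so a track-sc1 rule placed after
    #    "accept if HTTP" is never reached for HTTP traffic.
    tcp-request content track-sc1 base32+src if METH_GET wp_login

    # 3. Stop waiting as soon as the request is recognised as HTTP.
    tcp-request content accept if HTTP

    # Orderings that leave sc1_get_gpc0 without a tracked entry:
    #   (a) the conditional track-sc1 rule with no inspect-delay at all
    #   (b) "accept if HTTP" written above the track-sc1 rule

    # gpc0 must be incremented somewhere else (not covered in the thread);
    # until then this ACL never matches.
    acl flagged_as_abuser sc1_get_gpc0 gt 0
    use_backend bk_abuse if METH_GET wp_login flagged_as_abuser
    default_backend bk_wordpress

backend bk_wordpress
    mode http
    server wp1 192.0.2.10:80

backend bk_abuse
    mode http
    # Flagged clients land here; no server is defined, so they get a 503.
```

To check that the counter is being tracked, compare the stick-table contents with the requests that reach bk_abuse, as the original poster did.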
