Dear Support,

We are using HA-Proxy version 1.8-dev1-7b67726 on four servers. To handle
DDoS attacks, we have configured stick-table rules.

The issue is, the same configuration is working on 3 servers but not on one
server. All the server packages, haproxy version and configuration file are
the same. But one server is showing 1/3rd of the requests in the stick table.
Consequently, it is not blocking any of the IPs.

However, the rest of the servers show the correct count in the stick table
corresponding to the number of requests made, and block the IPs as well
when they reach the defined limit.


Could you please guide us on how we can eradicate the issue? Which packages
does haproxy use to count the http_req_rate?


For your information, we are using the following rules in the config file:

In Frontend:

        acl wp_login    path_beg     -i /wp-login.php
        acl wp_xmlrpc   path_beg     -i /xmlrpc.php
        stick-table type ip size 5m expire 120s store gpc0,http_req_rate(120s)
        tcp-request content track-sc1 src  if METH_POST wp_login or wp_xmlrpc
        tcp-request content reject if { src_get_gpc0 gt 0 }

        # returns a 403 for requests in an established connection
        http-request tarpit if { src_get_gpc0 gt 0 }


In Backend:

        timeout tarpit 120s
        # If the source IP sent 15 or more http requests over the defined period,
        # flag the IP as abuser on the frontend
        acl abuse src_http_req_rate(frontendname) ge 15
        acl flag_abuser src_inc_gpc0(frontendname) ge 0
        # Returns a 403 to the abuser
        http-request tarpit if abuse flag_abuser



Please guide. Thanking you in advance.


--
Thanks & Regards
Sikander Dhaliwal
