Hi everyone, surely many on this list have heard about the meris botnet (https://krebsonsecurity.com/2021/09/krebsonsecurity-hit-by-huge-new-iot-botnet-meris/) which uses HTTP/1.1 pipelining for layer 7 attacks. As far as I can see, it's not possible to disallow HTTP pipelining in haproxy, so the best possibility could be "option httpclose"? Of course, this does not solve everything when a ~100k botnet is attacking, but it could ease the initial load / mitigate the pipelining vector a bit, as the attack clients have longer RTT.
Or maybe I am missing something? Best regards, Stefan Behte
