Hi
I am trying to make a configuration that counts missed login attempts and blocks
after 10 attempts in 60 sec.
The following example is accepted, but with a warning.
It looks like the configuration will not work, as the keyword 'status' is
incompatible with 'frontend http-request header rule'.
I have also tried to find an explanation of the keyword 'status' but cannot
find anything.
I have also tried to remove the status keyword, but that returns an error instead.
So what is the trick to get this to work?

defaults
    retries 3 # Try to connect up to 3 times in case of failure
    timeout connect 5s # 5 seconds max to connect or to stay in queue
    timeout http-keep-alive 1s # 1 second max for the client to post next request
    timeout http-request 15s # 15 seconds max for the client to send a request
    timeout queue 30s # 30 seconds max queued on load balancer
    timeout client 30s
    timeout server 10s
    log global
    mode http
    option httplog
    option dontlognull
    option http-server-close
    maxconn 100

frontend http-in
    bind :80
    http-request track-sc0 src table table_login_limiter if { url_beg /login } { status 401 }
    http-request tarpit deny_status 429 if { sc_http_req_rate(0) gt 10 } { url_beg /login }
    default_backend be_default_server

backend table_login_limiter
    stick-table type ip size 1m expire 60s store http_req_rate(60s)

backend be_default_server
    balance leastconn
    server server_1 127.0.0.1:80

haproxy -f /home/user/haproxy02.cfg -c
[NOTICE] (1338291) : haproxy version is 2.5.3-1ppa1~focal
[NOTICE] (1338291) : path to executable is /usr/sbin/haproxy
[WARNING] (1338291) : config : parsing [/home/user/haproxy02.cfg:19] : anonymous acl will never match because it uses keyword 'status' which is incompatible with 'frontend http-request header rule'
[WARNING] (1338291) : config : log format ignored for frontend 'http-in' since it has no log address.
Warnings were found.
Configuration file is valid

Regards
Henning
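
The warning above arises because 'status' is the response status code, which does not exist yet when http-request rules are evaluated. The following is an added example, not part of the original post and not taken from the HAProxy project: it counts failures in the response phase with a general-purpose counter and enforces the limit in the request phase. It assumes the application answers a failed login with HTTP 401 and reuses the section names from the post.

```haproxy
# Added example (not from the original post).
# Assumption: the application returns 401 for a failed login.

frontend http-in
    bind :80

    # Request phase: start tracking the client IP, for login requests only.
    # No 'status' condition here, since no response exists yet.
    http-request track-sc0 src table table_login_limiter if { url_beg /login }

    # Request phase: refuse further login requests once the stored
    # failure rate for this IP exceeds 10 within the 60s window.
    http-request tarpit deny_status 429 if { url_beg /login } { sc_gpc0_rate(0) gt 10 }

    # Response phase: 'status' is valid here. Increment the counter for
    # each 401. This is a no-op for requests that were not tracked above,
    # so only /login responses are counted.
    http-response sc-inc-gpc0(0) if { status 401 }

    default_backend be_default_server

backend table_login_limiter
    # gpc0 holds the failure count, gpc0_rate(60s) its rate over 60 seconds.
    stick-table type ip size 1m expire 60s store gpc0,gpc0_rate(60s)
```

Successful logins and other requests do not increment the counter, so the limit applies to failed attempts only rather than to the overall request rate that http_req_rate(60s) measures.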