Re: base32+src

2015-02-13 Thread Christian Ruppert

Hi Yuan,

On 2015-02-12 17:39, Yuan wrote:

Hello Experts,

Our customer’s website has just been brought down by bots.bots
website aware.

base32+src can look at src + url.

I am not good at this. I am hoping I can get some help to create the
needed config. Can I do the below config ;

# Begin DDOS-Protection-Config
# Monitor the number of requests sent by an IP over a period of 10 seconds
 stick-table type base32+src size 1m expire 10s store gpc0,http_req_rate(10s)
 tcp-request connection track-sc1 src
 # Refuses a new connection from an abuser
 tcp-request content reject if { src_get_gpc0 gt 0 }
 # Returns a 403 response for requests in an established connection
 http-request deny if { src_get_gpc0 gt 0 }

I think this config is wrong. Any help or tips or sample config using
base32+src possible. Maybe a Link where someone posted a sample config
using base32+src. I have both port 80 & port 443 with port 80 rewrite
to port 443.


Due to lack of time I can't help you that much but what you miss is 
increasing the gpc0 counter. You should take a look at haproxy rate 
limiting stuff, there are some good examples out there, e.g.:

http://brokenhaze.com/blog/2014/03/25/how-stack-exchange-gets-the-most-out-of-haproxy/

It's also pretty easy to test with a few shells, curl and socat.



I had some help from Willy about using base32+src which I understood
in theory but I am not good enough to convert that wonderful advice to
a workable config.

Best regards,
; Yuan


--
Regards,
Christian Ruppert
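
The step mentioned in the reply above (incrementing gpc0), shown on a table keyed by base32+src, as an added example that is not from the thread. The names fe_web and be_app, the bind address and the threshold of 20 requests per 10 seconds are assumptions; the directives are HAProxy 1.5 syntax.

```haproxy
frontend fe_web
    mode http
    bind :80                      # assumed listener

    # base32+src is a sample fetch, not a table type. It returns a binary key:
    # a 32-bit hash of Host+path followed by the client address
    # (8 bytes for IPv4, 20 bytes for IPv6), so the table is "type binary".
    stick-table type binary len 20 size 1m expire 10s store gpc0,http_req_rate(10s)

    # The URL is not known at connection time, so track at the content stage
    # and give HAProxy time to receive the request line and headers.
    tcp-request inspect-delay 5s
    tcp-request content track-sc1 base32+src

    # Request rate of this source on this URL over the last 10 seconds
    acl over_limit  sc1_http_req_rate gt 20     # assumed threshold
    # Evaluating sc1_inc_gpc0 increments gpc0 and returns the new value,
    # which is what flags the entry as an abuser.
    acl mark_abuser sc1_inc_gpc0 gt 0
    # True once the tracked entry has been flagged
    acl is_abuser   sc1_get_gpc0 gt 0

    # ACLs are evaluated left to right: gpc0 is only incremented
    # when over_limit has already matched.
    http-request deny if over_limit mark_abuser
    # Later requests for the same source and URL are denied while the entry lives.
    http-request deny if is_abuser

    default_backend be_app

backend be_app
    mode http
    server app1 127.0.0.1:8080    # assumed backend server
```

The table contents, including gpc0 and the request rate per key, can be inspected with "show table fe_web" on the stats socket while testing.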



Re: Rate limit login page

2015-02-13 Thread Juriy Strashnov
These articles may be helpful:

Better Rate Limiting For All with HAProxy
http://blog.serverfault.com/2010/08/26/1016491873/

wordpress CMS brute force protection with HAProxy
http://blog.haproxy.com/2013/04/26/wordpress-cms-brute-force-protection-with-haproxy/

On Fri, Feb 13, 2015 at 3:39 PM, roe...@roedie.nl wrote:

 Hi,

 I want to apply some rate limiting, or even deny access to our login page
 when more than X requests are done within 10 seconds.

 I think I need to create acl's based on the method used (POST), the url
 used, and the http response code 303. But, I'm not really sure how to do
 this.

 I can get the post and the url, but what can I use to get the response
 code?

 Greets,

 Sander




-- 
Best regards, Juriy Strashnov



log cipher used for TLS connection

2015-02-13 Thread Warren Turkal
Is it possible to log the cipher used for a TLS connection?

wt
-- 
Warren Turkal


Rate limit login page

2015-02-13 Thread roedie

Hi,

I want to apply some rate limiting, or even deny access to our login page 
when more than X requests are done within 10 seconds.


I think I need to create acl's based on the method used (POST), the url 
used, and the http response code 303. But, I'm not really sure how to do 
this.


I can get the post and the url, but what can I use to get the response 
code?


Greets,

Sander