Re: Haproxy + nginx + naxsi

2013-09-02 Thread Shannon Francis
 On Mon, Jun 10, 2013 at 6:15 PM, Hugues Lepesant hugues@... wrote:
  Hello all,

  I'm trying to make this tutorial work:

  http://blog.exceliance.fr/2012/10/16/high-performance-waf-platform-with-naxsi-and-haproxy/

  But when I check the configuration of haproxy I've got these errors:

  # haproxy -c -f /etc/haproxy/haproxy.test.cfg
  [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:32] :
  error detected while parsing ACL 'abuse' : ACL keyword 'sc1_http_req_rate'
  takes no argument.
  [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:33] :
  error detected while parsing ACL 'flag_abuser' : ACL keyword 'sc1_inc_gpc0'
  takes no argument.
  [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:34] :
  'tcp-request content reject' : error detected in frontend 'ft_waf' while
  parsing 'if' condition : no such ACL : 'abuse'
  [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:56] :
  error detected while parsing ACL 'abuse' : ACL keyword 'sc1_http_err_rate'
  takes no argument.
  [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:57] :
  error detected while parsing ACL 'flag_abuser' : ACL keyword 'sc1_inc_gpc0'
  takes no argument.
  [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:58] :
  'tcp-request content reject' : error detected in backend 'bk_waf' while
  parsing 'if' condition : no such ACL : 'abuse'
  [ALERT] 160/191308 (22091) : Error(s) found in configuration file :
  /etc/haproxy/haproxy.test.cfg
  [WARNING] 160/191308 (22091) : config : log format ignored for frontend
  'ft_waf' since it has no log address.
  [WARNING] 160/191308 (22091) : config : log format ignored for frontend
  'ft_web' since it has no log address.
  [ALERT] 160/191308 (22091) : Fatal errors found in configuration.

Hug,

It looks like these lines from that tutorial are causing some hang ups:

---
  acl abuse sc1_http_req_rate(ft_web) ge 100
  acl flag_abuser sc1_inc_gpc0(ft_web)
  . . . 
  acl abuse sc1_http_err_rate(ft_waf) ge 10
  acl flag_abuser sc1_inc_gpc0(ft_waf)
---

HAProxy is complaining because those fetch methods don't take arguments.
Also, from the tutorial it looks like neither of these two front-ends tracks
anything or has any stick-tables, so:

---
  acl abuse sc1_http_req_rate ge 100
  acl flag_abuser sc1_inc_gpc0
  . . . 
  acl abuse sc1_http_err_rate ge 10
  acl flag_abuser sc1_inc_gpc0
---

might make more sense.

Best of luck,
Shannon
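
An added example, not part of the thread or the tutorial: a small Python lint for the two points raised in the reply above, `sc1_*` ACL keywords written with an argument and `sc1_*` ACLs in a config that declares no stick-table or `track-sc1` rule. The `lint` helper, both sample configs and the table sizes in them are constructed for illustration.

```python
import re

# Matches sc<N>_* sample fetches (e.g. sc1_http_req_rate) and any "(...)" argument.
SC_FETCH = re.compile(r"\b(sc(\d)_\w+)(\([^)]*\))?")
TRACK = re.compile(r"\btrack-sc(\d)\b")

def lint(cfg_text):
    """Return sorted (line_no, message) findings for sc<N>_* usage in a config."""
    findings, first_use, tracked, has_table = [], {}, set(), False
    for no, raw in enumerate(cfg_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if line.startswith("stick-table "):
            has_table = True
        tracked.update(TRACK.findall(line))
        for name, ctr, arg in SC_FETCH.findall(line):
            first_use.setdefault(ctr, no)
            if arg:  # the form the 1.5-dev17 build in this thread rejects
                findings.append((no, f"{name}{arg}: drop the argument, use {name}"))
    for ctr, no in first_use.items():
        if ctr not in tracked:  # counter is read but nothing is tracked into it
            findings.append((no, f"sc{ctr}_* used but no track-sc{ctr} rule found"))
    if first_use and not has_table:
        findings.append((min(first_use.values()), "no stick-table declared"))
    return sorted(findings)

# Constructed sample: the ACL lines quoted in the thread, in a minimal frontend.
BROKEN = """\
frontend ft_waf
  acl abuse sc1_http_req_rate(ft_web) ge 100
  acl flag_abuser sc1_inc_gpc0(ft_web)
  tcp-request content reject if abuse flag_abuser
"""

# Constructed sample: argument-free ACLs plus the table and tracking they read.
FIXED = """\
frontend ft_waf
  stick-table type ip size 1m expire 1m store gpc0,http_req_rate(10s)
  tcp-request connection track-sc1 src
  acl abuse sc1_http_req_rate ge 100
  acl flag_abuser sc1_inc_gpc0
  tcp-request content reject if abuse flag_abuser
"""

if __name__ == "__main__":
    for no, msg in lint(BROKEN):
        print(f"line {no}: {msg}")
    print("fixed config findings:", lint(FIXED))
```

`haproxy -c` already reports the argument error; the missing-tracking check is the part it does not report, since an ACL reading an untracked counter parses cleanly and simply never matches.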




Re: Haproxy + nginx + naxsi

2013-06-14 Thread Baptiste
Hug Hugues :p

Sorry for the delay in my response, I'm a bit busy and far right now :)

Well, this sounds like a configuration issue, some typo or misnamed ACLs.

Baptiste

On Mon, Jun 10, 2013 at 6:15 PM, Hugues Lepesant hug...@lepesant.com wrote:
 Hello all,

 I'm trying to make this tutorial work:

 http://blog.exceliance.fr/2012/10/16/high-performance-waf-platform-with-naxsi-and-haproxy/

 But when I check the configuration of haproxy I've got these errors:

 # haproxy -c -f /etc/haproxy/haproxy.test.cfg
 [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:32] :
 error detected while parsing ACL 'abuse' : ACL keyword 'sc1_http_req_rate'
 takes no argument.
 [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:33] :
 error detected while parsing ACL 'flag_abuser' : ACL keyword 'sc1_inc_gpc0'
 takes no argument.
 [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:34] :
 'tcp-request content reject' : error detected in frontend 'ft_waf' while
 parsing 'if' condition : no such ACL : 'abuse'
 [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:56] :
 error detected while parsing ACL 'abuse' : ACL keyword 'sc1_http_err_rate'
 takes no argument.
 [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:57] :
 error detected while parsing ACL 'flag_abuser' : ACL keyword 'sc1_inc_gpc0'
 takes no argument.
 [ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:58] :
 'tcp-request content reject' : error detected in backend 'bk_waf' while
 parsing 'if' condition : no such ACL : 'abuse'
 [ALERT] 160/191308 (22091) : Error(s) found in configuration file :
 /etc/haproxy/haproxy.test.cfg
 [WARNING] 160/191308 (22091) : config : log format ignored for frontend
 'ft_waf' since it has no log address.
 [WARNING] 160/191308 (22091) : config : log format ignored for frontend
 'ft_web' since it has no log address.
 [ALERT] 160/191308 (22091) : Fatal errors found in configuration.


 I'm running on Debian Squeeze 64 bits this version of haproxy :

 # haproxy -
 HA-Proxy version 1.5-dev17 2012/12/28
 Copyright 2000-2012 Willy Tarreau w...@1wt.eu

 Build options :
   TARGET  = linux2628
   CPU = native
   CC  = gcc
   CFLAGS  = -O2 -march=native -g -fno-strict-aliasing
   OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_STATIC_PCRE=1

 Default settings :
   maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

 Encrypted password support via crypt(3): yes
 Built with zlib version : 1.2.3.4
 Compression algorithms supported : identity, deflate, gzip
 Built with OpenSSL version : OpenSSL 0.9.8o 01 Jun 2010
 OpenSSL library supports TLS extensions : yes
 OpenSSL library supports SNI : yes
 OpenSSL library supports prefer-server-ciphers : yes

 Available polling systems :
   epoll : pref=300,  test result OK
    poll : pref=200,  test result OK
  select : pref=150,  test result OK
 Total: 3 (3 usable), will use epoll.


 Any help is welcome.



 Best regards,

 Hug





Haproxy + nginx + naxsi

2013-06-10 Thread Hugues Lepesant
Hello all,

I'm trying to make this tutorial work:

http://blog.exceliance.fr/2012/10/16/high-performance-waf-platform-with-naxsi-and-haproxy/

But when I check the configuration of haproxy I've got these errors:

# haproxy -c -f /etc/haproxy/haproxy.test.cfg
[ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:32] : error 
detected while parsing ACL 'abuse' : ACL keyword 'sc1_http_req_rate' takes no 
argument.
[ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:33] : error 
detected while parsing ACL 'flag_abuser' : ACL keyword 'sc1_inc_gpc0' takes no 
argument.
[ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:34] : 
'tcp-request content reject' : error detected in frontend 'ft_waf' while 
parsing 'if' condition : no such ACL : 'abuse'
[ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:56] : error 
detected while parsing ACL 'abuse' : ACL keyword 'sc1_http_err_rate' takes no 
argument.
[ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:57] : error 
detected while parsing ACL 'flag_abuser' : ACL keyword 'sc1_inc_gpc0' takes no 
argument.
[ALERT] 160/191308 (22091) : parsing [/etc/haproxy/haproxy.test.cfg:58] : 
'tcp-request content reject' : error detected in backend 'bk_waf' while parsing 
'if' condition : no such ACL : 'abuse'
[ALERT] 160/191308 (22091) : Error(s) found in configuration file : 
/etc/haproxy/haproxy.test.cfg
[WARNING] 160/191308 (22091) : config : log format ignored for frontend 
'ft_waf' since it has no log address.
[WARNING] 160/191308 (22091) : config : log format ignored for frontend 
'ft_web' since it has no log address.
[ALERT] 160/191308 (22091) : Fatal errors found in configuration.
 
I'm running on Debian Squeeze 64 bits this version of haproxy :

# haproxy -
HA-Proxy version 1.5-dev17 2012/12/28
Copyright 2000-2012 Willy Tarreau w...@1wt.eu

Build options :
  TARGET  = linux2628
  CPU = native
  CC  = gcc
  CFLAGS  = -O2 -march=native -g -fno-strict-aliasing
  OPTIONS = USE_ZLIB=1 USE_OPENSSL=1 USE_PCRE=1 USE_STATIC_PCRE=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200

Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3.4
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 0.9.8o 01 Jun 2010
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes

Available polling systems :
  epoll : pref=300,  test result OK
   poll : pref=200,  test result OK
 select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.
 
Any help is welcome.

 
Best regards,

Hug