WIP of configurable challenge settings per-domain with a ddos_config map and handling

This commit is contained in:
Thomas Lynch
2023-05-21 19:50:38 +10:00
parent 14922d7e2f
commit 22b6b4795e
7 changed files with 56 additions and 39 deletions

View File

@ -83,7 +83,8 @@ frontend http-in
# acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)
acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found
use_backend maintenance if maintenance_mode
http-request lua.set-lang-json if maintenance_mode
http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
# rewrite specific domain+path to domain or domain+path
http-request redirect location https://%[base,map(/etc/haproxy/map/rewrite.map)] code 302 if { base,map(/etc/haproxy/map/rewrite.map) -i -m found }
@ -115,7 +116,6 @@ frontend http-in
http-request set-var(txn.path) path
acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
# optional alt-svc header (done after cache so not set in cached responses
http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
@ -144,10 +144,6 @@ cache basic_cache
max-age 86400
process-vary on
backend maintenance
http-request lua.set-lang-json
http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30"
backend servers
balance leastconn

View File

@ -1,2 +1,3 @@
localhost 1
127.0.0.1 1
127.0.0.1/captcha 2

View File

@ -0,0 +1 @@
localhost {"pd":23,"pt":"sha256","cip":true,"cex":600}

View File

@ -1 +0,0 @@
localhost admin