mirror of
https://gitgud.io/fatchan/haproxy-protection.git
synced 2025-05-09 02:05:37 +00:00
WIP of configurable challenge settings per-domain with a ddos_config map and handling
This commit is contained in:
@ -83,7 +83,8 @@ frontend http-in
|
||||
|
||||
# acl for domains in maintenance mode to return maintenance page (after challenge page htp-request return rules, for the footerlogo)
|
||||
acl maintenance_mode hdr(host),lower,map_str(/etc/haproxy/map/maintenance.map) -m found
|
||||
use_backend maintenance if maintenance_mode
|
||||
http-request lua.set-lang-json if maintenance_mode
|
||||
http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30" if maintenance_mode
|
||||
|
||||
# rewrite specific domain+path to domain or domain+path
|
||||
http-request redirect location https://%[base,map(/etc/haproxy/map/rewrite.map)] code 302 if { base,map(/etc/haproxy/map/rewrite.map) -i -m found }
|
||||
@ -115,7 +116,6 @@ frontend http-in
|
||||
http-request set-var(txn.path) path
|
||||
acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
|
||||
|
||||
|
||||
# optional alt-svc header (done after cache so not set in cached responses
|
||||
http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
|
||||
|
||||
@ -144,10 +144,6 @@ cache basic_cache
|
||||
max-age 86400
|
||||
process-vary on
|
||||
|
||||
backend maintenance
|
||||
http-request lua.set-lang-json
|
||||
http-request return lf-file /etc/haproxy/template/maintenance.html status 200 content-type "text/html; charset=utf-8" hdr "Cache-Control" "private, max-age=30"
|
||||
|
||||
backend servers
|
||||
balance leastconn
|
||||
|
||||
|
@ -1,2 +1,3 @@
|
||||
localhost 1
|
||||
127.0.0.1 1
|
||||
127.0.0.1/captcha 2
|
||||
|
1
haproxy/map/ddos_config.map
Normal file
1
haproxy/map/ddos_config.map
Normal file
@ -0,0 +1 @@
|
||||
localhost {"pd":23,"pt":"sha256","cip":true,"cex":600}
|
@ -1 +0,0 @@
|
||||
localhost admin
|
||||
|
Reference in New Issue
Block a user