Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity

Make blocked and whitelist maps multi tenant

Browse Source
This commit is contained in:
Thomas Lynch
2023-09-07 16:47:21 +10:00
parent d687e54d17
commit 93cac69798
9 changed files with 43 additions and 81 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
haproxy/haproxy.cfg
View File

@ -69,7 +69,9 @@ frontend http-in
http-request return status 200 content-type "text/plain; charset=utf-8" lf-file /etc/haproxy/template/trace.txt if { path /.basedflare/cgi/trace }
# acl for blocked IPs/subnets
acl blocked_ip_or_subnet src,map_ip(/etc/haproxy/map/blocked.map) -m found
acl found_in_blocked_map src,map_ip(/etc/haproxy/map/blocked.map) -m found
acl blocked_ip_or_subnet var(txn.blocked_ip_or_subnet) -m bool
http-request lua.set-ip-var "blocked" "txn.blocked_ip_or_subnet" if found_in_blocked_map
http-request deny deny_status 403 if blocked_ip_or_subnet
# ratelimit (and for tor, kill circuit) on POST bot-check. legitimate users shouldn't hit this.
@ -78,7 +80,9 @@ frontend http-in
# http-request tarpit if { sc_http_req_rate(0) gt 1 }
# acl for lua check whitelisted IPs/subnets and some excluded paths
acl is_excluded src,map_ip(/etc/haproxy/map/whitelist.map) -m found
acl found_in_whitelist_map src,map_ip(/etc/haproxy/map/whitelist.map) -m found
acl is_excluded var(txn.whitelist_ip_or_subnet) -m bool
http-request lua.set-ip-var "whitelist" "txn.whitelist_ip_or_subnet" if found_in_whitelist_map
acl is_excluded src -f /etc/haproxy/map/crawler-whitelist.map
acl is_excluded path /favicon.ico /.basedflare/pow-icon #add more