Cavemanon/haproxy-protection
8
Fork 0
mirror of https://gitgud.io/fatchan/haproxy-protection.git synced 2025-05-09 02:05:37 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
c16a554754a6b9fcf77f5c99623faf7237a19a2e
haproxy-protection/haproxy/haproxy.cfg
Thomas Lynch 48382434c4 change haproxy pathing from /usr/share/etc to /etc
2021-11-25 18:16:07 +11:00

45 lines
1.5 KiB
INI
Raw Blame History

global
daemon
maxconn 256
log stdout format raw local0 debug
lua-load /etc/haproxy/scripts/register.lua
stats socket /var/run/haproxy.sock mode 666 level admin
defaults
mode http
timeout connect 5000ms
timeout client 50000ms
timeout server 50000ms
frontend http-in
bind *:80
# acl for ddos_mode_enabled = global enabled OR domain enabled
acl ddos_mode_enabled hdr_cnt(xr3la1rfFc) eq 0
acl ddos_mode_enabled hdr(host) -i -f /etc/haproxy/ddos.map
#TODO: add ORs here for auto enable on traffic pattern
# check captcha cookie, separate map allows to disable captcha (still keeping POW)
acl captcha_passed var(txn.captcha_passed) -m bool
acl captcha_passed hdr(host),map_str(/etc/haproxy/no_captcha.map) -m found
# check proof of work cookie
acl pow_passed var(txn.pow_passed) -m bool
acl on_captcha_url path -m beg /bot-check
acl is_excluded path_end -i .js .ico
http-request use-service lua.hcaptcha-view if on_captcha_url !is_excluded
http-request lua.hcaptcha-check if !is_excluded !on_captcha_url ddos_mode_enabled
http-request lua.pow-check if !is_excluded !on_captcha_url ddos_mode_enabled
http-request redirect location /bot-check?%[capture.req.uri] code 302 if !captcha_passed !on_captcha_url ddos_mode_enabled !is_excluded OR !pow_passed !on_captcha_url ddos_mode_enabled !is_excluded
default_backend servers
backend servers
server server1 nginx:80 maxconn 32
backend hcaptcha
mode http
server hcaptcha hcaptcha.com:443
Reference in New Issue View Git Blame Copy Permalink