API tools faq
paste
Advertisement
Guest User

Untitled

a guest
Feb 19th, 2019
70
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.65 KB | None | 0 0
raw download clone embed print report
  1. # Use General Purpose Couter (gpc) 0 in SC1 as a global abuse counter
  2. # Monitors the number of request sent by an IP over a period of 10 seconds
  3. stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
  4. tcp-request connection track-sc1 src
  5. tcp-request connection reject if { src_get_gpc0 gt 0 }
  6.  
  7. # Table definition
  8. stick-table type ip size 100k expire 30s store conn_cur(3s)
  9. # Allow clean known IPs to bypass the filter
  10. tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst }
  11. # Shut the new connection as long as the client has already 10 opened
  12. tcp-request connection reject if { src_conn_cur ge 10 }
  13. tcp-request connection track-sc1 src
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!