```
# Snippet 1: block sources flagged as abusers
# Use General Purpose Counter (gpc) 0 in SC1 as a global abuse counter
# Monitors the number of requests sent by an IP over a period of 10 seconds
stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)
tcp-request connection track-sc1 src
tcp-request connection reject if { src_get_gpc0 gt 0 }

# Snippet 2: limit concurrent connections per source
# (a proxy section can hold only one stick-table, so this belongs in a separate section)
# Table definition
# conn_cur is an instantaneous count and takes no period argument
stick-table type ip size 100k expire 30s store conn_cur
# Allow clean known IPs to bypass the filter
tcp-request connection accept if { src -f /etc/haproxy/whitelist.lst }
# Reject new connections while the client already has 10 open
tcp-request connection reject if { src_conn_cur ge 10 }
tcp-request connection track-sc1 src
```
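The request-rate snippet above rejects any source whose gpc0 is greater than zero, but nothing in the paste ever increments gpc0, so on its own it never blocks anyone. One way to complete it, as an added example that is not part of the original paste; the proxy names, bind and server addresses, and the threshold of 10 requests are assumptions:

```haproxy
# Added example: names, addresses and the threshold are assumptions.
frontend ft_web
    mode http
    bind :80

    # One entry per source IP: abuse flag (gpc0) and HTTP request rate over 10s
    stick-table type ip size 1m expire 10s store gpc0,http_req_rate(10s)

    # Track the source in SC1 as soon as the connection is accepted
    tcp-request connection track-sc1 src

    # Refuse connections from sources that have already been flagged
    tcp-request connection reject if { src_get_gpc0 gt 0 }

    # Flag the source once it reaches 10 requests within the 10s window;
    # the flag lives in the same table entry and disappears when it expires
    http-request sc-inc-gpc0(1) if { sc1_http_req_rate ge 10 }

    default_backend bk_web

backend bk_web
    mode http
    # 192.0.2.10 is a documentation address standing in for a real server
    server srv1 192.0.2.10:80 check
```

Validate the file with `haproxy -c -f <file>` before reloading, and confirm entries are being flagged with `show table ft_web` on the stats socket.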