HAProxy rate limiting - ban abuser for 30 minutes

rate-limiting haproxy

Andy, The trick is to add another backend that you only use for the extra stick table. You can only have one stick table per backend - BUT you can use them in ANY front/back end... So I just add one called Abuse that you can then use as a global 60 minute ban for any backend... You will need to change my example but try something like this:

# ABUSE SECTION works with http mode dependent on src ip
tcp-request content reject if { src_get_gpc0(Abuse) gt 0 }
acl abuse src_http_req_rate(Abuse) ge 10
acl flag_abuser src_inc_gpc0(Abuse) ge 0
acl scanner src_http_err_rate(Abuse) ge 10

# Returns a 403 to the abuser and flags for tcp-reject next time
http-request deny if abuse flag_abuser
http-request deny if scanner flag_abuser

backend Abuse
stick-table type ip size 1m expire 60m store conn_rate(3s),conn_cur,gpc0,http_req_rate(10s),http_err_rate(20s)

Related

hetzner default nameservers not always resolving
Which CentOS security policy is suitable for a single-purpose server?
Use cached file mtime as Last-Modified header value
Elastic Search listening only on IPv6 [CentOS]
SAN, ISCSI and Multipath (MLAG?)
procmail insists in writing to /var/mail in macOS Sierra
Unable to set up Nginx to handle PHP along with proxy_pass
Windows 2016 Storage Spaces Direct + Data Deduplication
Using a VMWare Server to host ISCSI drive
Two-Node Failover Cluster with internal storage
mysqldump: The 'INFORMATION_SCHEMA.SESSION_VARIABLES' feature is disabled
BIND, RPZ and Forwarding priorities