From 4c4e99883b0a7517bc1d84c9c0e390094150bee8 Mon Sep 17 00:00:00 2001 From: jknapp Date: Mon, 22 Sep 2025 18:49:50 -0700 Subject: [PATCH] Fix table reference and log-format response header issues MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove reference to non-existent security_blacklist table - Use single table tracking with consolidated array-based GPC system - Remove res.hdr(X-Threat-Level) from log-format as response headers not available in request phase - Maintains threat intelligence logging with available request-phase data 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude --- templates/hap_listener.tpl | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/templates/hap_listener.tpl b/templates/hap_listener.tpl index cbb6f82..0ed75a3 100644 --- a/templates/hap_listener.tpl +++ b/templates/hap_listener.tpl @@ -79,9 +79,8 @@ frontend web http-request set-var(txn.real_ip) req.hdr(X-Forwarded-For) if !has_cf_connecting_ip !has_x_real_ip has_x_forwarded_for http-request set-var(txn.real_ip) src if !has_cf_connecting_ip !has_x_real_ip !has_x_forwarded_for - # Multi-table tracking for comprehensive security monitoring + # Single table tracking for comprehensive security monitoring http-request track-sc0 var(txn.real_ip) - http-request track-sc1 var(txn.real_ip) table security_blacklist # ============================================ # APPLY SECURITY RULES @@ -214,7 +213,7 @@ frontend web http-request capture var(txn.threat_score) len 10 # Enhanced logging format with glitch information - log-format "%{+json}o %(client_ip)[var(txn.real_ip)] %(threat_score)[var(txn.threat_score)] %(glitches)[fc_glitches] %(h2_streams)[fc_nb_streams] %(user_agent)[capture.req.hdr(1)] %(threat_level)[res.hdr(X-Threat-Level)]" + log-format "%{+json}o %(client_ip)[var(txn.real_ip)] %(threat_score)[var(txn.threat_score)] %(glitches)[fc_glitches] %(h2_streams)[fc_nb_streams] %(user_agent)[capture.req.hdr(1)]" # Set log level based on threat score http-request set-log-level info if { var(txn.threat_score) -m int lt 20 }