Add safeguards to prevent false positive blocking
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 52s
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 52s
- Handle common missing files (favicon.ico, robots.txt) without counting as errors - Return 404 directly from frontend for these files (bypasses backend counting) - Add clear-ip.sh script to remove specific IPs from stick-table - Keep trusted networks whitelist for local/private IPs This prevents legitimate users from being blocked due to browser requests for common files that don't exist. Usage: ./scripts/clear-ip.sh <IP_ADDRESS> 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -12,10 +12,14 @@ frontend web
|
||||
# Whitelist trusted networks and monitoring systems
|
||||
acl trusted_networks src 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12
|
||||
acl health_check path_beg /health /ping /status /.well-known/
|
||||
acl common_missing path /favicon.ico /robots.txt /sitemap.xml /apple-touch-icon.png
|
||||
|
||||
# Allow trusted traffic to bypass all protection
|
||||
http-request allow if trusted_networks or health_check
|
||||
|
||||
# Don't count common missing files against the error count
|
||||
http-request return status 404 if common_missing
|
||||
|
||||
# Detect real client IP from proxy headers if they exist
|
||||
# Priority: CF-Connecting-IP (Cloudflare) > X-Real-IP > X-Forwarded-For > src
|
||||
acl has_cf_connecting_ip req.hdr(CF-Connecting-IP) -m found
|
||||
|
||||
Reference in New Issue
Block a user