Fix ACL compound reference error for xmlrpc abuse detection
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 55s
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 55s
- Replace compound ACL xmlrpc_abuse with separate conditions - Use xmlrpc_rate_abuse for rate detection and combine with is_xmlrpc in http-request rule - Prevents ACL-to-ACL reference which is not supported in HAProxy 3.0.11 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -201,12 +201,12 @@ frontend web
|
|||||||
# Other auth: 5 requests per 10s (stricter for non-WordPress)
|
# Other auth: 5 requests per 10s (stricter for non-WordPress)
|
||||||
# XMLRPC: 20 requests per 10s (can be legitimately high for some plugins)
|
# XMLRPC: 20 requests per 10s (can be legitimately high for some plugins)
|
||||||
acl auth_abuse sc0_http_req_rate gt 5
|
acl auth_abuse sc0_http_req_rate gt 5
|
||||||
acl xmlrpc_abuse is_xmlrpc sc0_http_req_rate gt 20
|
acl xmlrpc_rate_abuse sc0_http_req_rate gt 20
|
||||||
|
|
||||||
# Rate limiting for non-WordPress authentication endpoints
|
# Rate limiting for non-WordPress authentication endpoints
|
||||||
http-request deny if is_login auth_abuse
|
http-request deny if is_login auth_abuse
|
||||||
http-request deny if is_api_auth auth_abuse
|
http-request deny if is_api_auth auth_abuse
|
||||||
http-request deny if xmlrpc_abuse !legitimate_bot !wordpress_app
|
http-request deny if is_xmlrpc xmlrpc_rate_abuse !legitimate_bot !wordpress_app
|
||||||
|
|
||||||
# 8. HAProxy 3.0.11 Enhanced Logging with Threat Intelligence
|
# 8. HAProxy 3.0.11 Enhanced Logging with Threat Intelligence
|
||||||
http-request capture var(txn.real_ip) len 40
|
http-request capture var(txn.real_ip) len 40
|
||||||
|
|||||||
Reference in New Issue
Block a user