cloud-hosting-platform/haproxy-manager-base
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix ACL compound reference error for xmlrpc abuse detection
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 55s
Details

Browse Source 
- Replace compound ACL xmlrpc_abuse with separate conditions
- Use xmlrpc_rate_abuse for rate detection and combine with is_xmlrpc in http-request rule
- Prevents ACL-to-ACL reference which is not supported in HAProxy 3.0.11

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
jknapp
2025-09-22 18:39:37 -07:00
parent 2889fda014
commit b55a2fa691
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
templates/hap_listener.tpl
View File

@@ -201,12 +201,12 @@ frontend web
# Other auth: 5 requests per 10s (stricter for non-WordPress)
# XMLRPC: 20 requests per 10s (can be legitimately high for some plugins)
acl auth_abuse sc0_http_req_rate gt 5
acl xmlrpc_abuse is_xmlrpc sc0_http_req_rate gt 20
acl xmlrpc_rate_abuse sc0_http_req_rate gt 20
# Rate limiting for non-WordPress authentication endpoints
http-request deny if is_login auth_abuse
http-request deny if is_api_auth auth_abuse
http-request deny if xmlrpc_abuse !legitimate_bot !wordpress_app
http-request deny if is_xmlrpc xmlrpc_rate_abuse !legitimate_bot !wordpress_app
# 8. HAProxy 3.0.11 Enhanced Logging with Threat Intelligence
http-request capture var(txn.real_ip) len 40