Implement progressive protection: tarpit → silent-drop → block

- Set tarpit timeout to 10 seconds for initial offenders
- Use silent-drop for obvious scanners (35+ errors) and repeat offenders
- Silent-drop immediately closes connection without response
- Keep 429 block for critical threats (50+ errors)

Protection levels:
- 10-19 errors: 10s tarpit
- 20-34 errors: 10s tarpit (first), silent-drop (repeat)
- 35-49 errors: silent-drop
- 50+ errors: 429 block
- Burst attacks: 10s tarpit (first), silent-drop (repeat)

Updated monitoring script to show correct status based on new logic.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-25 06:42:09 -07:00
parent 0a4995266c
commit e54b4b4afe
3 changed files with 35 additions and 20 deletions

@@ -45,6 +45,6 @@ defaults
timeout server 10m
timeout http-keep-alive 120s
timeout check 10s
timeout tarpit 30s # Tarpit delay for detected scanners (fixed in HAProxy 3.0)
timeout tarpit 10s # Tarpit delay for low-level scanners (before silent-drop)
maxconn 3000
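
Review bot: The replacement `timeout tarpit 10s` line drops the "(fixed in HAProxy 3.0)" remark that the 30s line carried, so the config no longer records which HAProxy version this behaviour was fixed in; carry that version note over into the new comment. Because the setting sits in `defaults` directly above `maxconn 3000`, every tarpitted client still holds a connection slot for the full 10 seconds, so the comment should say how tarpit volume is expected to stay well under that limit. The phrase "low-level scanners (before silent-drop)" would also be easier to audit if it named the error-count ranges from the commit message that select tarpit (10-19, and 20-34 on first offence), since the rules that apply those thresholds are not in this file's hunk.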