Complete HAProxy 3.0.11 syntax fixes for ACL and sc-inc errors
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 2m20s
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 2m20s
Fixed remaining HAProxy 3.0.11 compatibility issues: ACL Definition Fixes: - Fixed compound ACL references (can't reference ACLs as fetch methods) - Split complex ACLs into individual threat detection ACLs - Updated all ACL names to be descriptive and unique Syntax Corrections: - Fixed sc-inc-gpc syntax (removed extra "1" parameter) - Updated all ACL references in http-request rules - Fixed compound conditions in response rules Threat Detection Structure: - high_threat_detected: Bot scanners - high_threat_scan: Admin path scanning - high_threat_shells: Shell/exploit attempts - medium_threat_injection: SQL injection attempts - medium_threat_traversal: Directory traversal - medium_threat_wp_attack: WordPress brute force (403s) - low_threat_rate: Rate limit violations - low_threat_method: Suspicious HTTP methods - low_threat_headers: Missing browser headers - critical_threat_blacklist: Blacklisted IPs - critical_threat_autoban: Auto-blacklist candidates Response System Updates: - Individual ACL-based responses for each threat type - Proper whitelisting for legitimate bots/browsers - Enhanced logging with new threat classifications Monitoring Script Updates: - Updated log parsing for new threat level names - Better threat categorization in real-time monitoring All syntax errors resolved for HAProxy 3.0.11 compatibility while maintaining comprehensive security protection. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
@@ -42,20 +42,20 @@ show_threats() {
|
||||
show_recent_blocks() {
|
||||
echo "Recent Blocked Requests:"
|
||||
tail -100 "$LOG_FILE" 2>/dev/null | \
|
||||
grep -E "(scanner|exploit|ratelimit|repeat|tarpit|denied|dropped)" | \
|
||||
grep -E "(high_threat|medium_threat|low_threat|critical_threat|tarpit|denied|403)" | \
|
||||
tail -10 | \
|
||||
awk '{
|
||||
if (match($0, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+:[0-9]+/)) {
|
||||
ip = substr($0, RSTART, RLENGTH)
|
||||
gsub(/:.*/, "", ip)
|
||||
reason = ""
|
||||
if ($0 ~ /scanner/) reason = "SCANNER"
|
||||
else if ($0 ~ /exploit/) reason = "EXPLOIT"
|
||||
else if ($0 ~ /ratelimit/) reason = "RATE_LIMIT"
|
||||
else if ($0 ~ /repeat/) reason = "REPEAT_OFFENDER"
|
||||
if ($0 ~ /high_threat/) reason = "HIGH_THREAT"
|
||||
else if ($0 ~ /critical_threat/) reason = "CRITICAL_THREAT"
|
||||
else if ($0 ~ /medium_threat/) reason = "MEDIUM_THREAT"
|
||||
else if ($0 ~ /low_threat/) reason = "LOW_THREAT"
|
||||
else if ($0 ~ /tarpit/) reason = "TARPIT"
|
||||
else if ($0 ~ /denied/) reason = "DENIED"
|
||||
else if ($0 ~ /dropped/) reason = "DROPPED"
|
||||
else if ($0 ~ /403/) reason = "BLOCKED"
|
||||
printf "[%s] %-15s %s\n", strftime("%H:%M:%S"), ip, reason
|
||||
}
|
||||
}'
|
||||
|
||||
Reference in New Issue
Block a user