Fix HAProxy 3.0 stick-table and ACL syntax errors
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 52s

- Remove duplicate http_err_rate entries (only one period allowed)
- Simplify to single http_err_rate(10s) for burst detection
- Fix sc0_http_err_rate ACL syntax (remove period argument)
- Replace time-based sustained/persistent attack detection with counter-based thresholds
- Use gpc0 counter thresholds for sustained (>=15) and persistent (>=30) attack detection

This resolves the configuration errors in HAProxy 3.0.11 while maintaining
effective exploit scanning protection through counter-based detection.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-23 18:36:02 -07:00
parent 99435ee3e0
commit f3569402d3
2 changed files with 6 additions and 5 deletions

@@ -79,3 +79,4 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
- Exposes ports 80 (HTTP), 443 (HTTPS), and 8000 (management API/UI) - Exposes ports 80 (HTTP), 443 (HTTPS), and 8000 (management API/UI)
- Management interface on port 8000 should be firewall-protected in production - Management interface on port 8000 should be firewall-protected in production
- Supports deployment on servers with git directory at `/root/whp` and web file sync via rsync to `/docker/whp/web/` - Supports deployment on servers with git directory at `/root/whp` and web file sync via rsync to `/docker/whp/web/`
- HAProxy is version 3.0.11
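Review bot: the new bullet records the version but not the constraint that motivated this commit; since 3.0.11 rejects a stick-table that stores http_err_rate with more than one period and rejects sc0_http_err_rate with a period argument, fold that into the bullet, e.g. `- HAProxy is version 3.0.11 (http_err_rate may appear once in a stick-table store list; sc0_http_err_rate takes no period argument, the table's period applies)`, so a future edit does not reintroduce the error.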

@@ -7,7 +7,7 @@ frontend web
# Stick table for tracking attacks with escalating timeouts # Stick table for tracking attacks with escalating timeouts
# gpc0 = total scan attempts # gpc0 = total scan attempts
# gpc1 = escalation level (0=none, 1=level1, 2=level2, 3=level3) # gpc1 = escalation level (0=none, 1=level1, 2=level2, 3=level3)
stick-table type ip size 200k expire 2h store gpc0,gpc1,http_err_rate(30s),http_err_rate(300s),http_err_rate(3600s) stick-table type ip size 200k expire 2h store gpc0,gpc1,http_err_rate(10s)
# Whitelist trusted networks and monitoring systems # Whitelist trusted networks and monitoring systems
acl trusted_networks src 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12 acl trusted_networks src 127.0.0.1 192.168.0.0/16 10.0.0.0/8 172.16.0.0/12
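Review bot: dropping the 300s and 3600s windows moves sustained and persistent detection onto gpc0, but with `expire 2h` on this table and the `# gpc0 = total scan attempts` comment, that counter accumulates for as long as the entry stays active rather than over a fixed window, so a slow scan spread across two hours reaches the same gpc0 as a one-minute burst. Extend the comment block to say the counter is cumulative until the entry expires, and confirm that whatever rule increments gpc0 (not in this hunk) is still the only writer to it.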
@@ -32,9 +32,9 @@ frontend web
acl critical_threat sc0_get_gpc0 ge 50 acl critical_threat sc0_get_gpc0 ge 50
# Rate-based detection (burst attacks) # Rate-based detection (burst attacks)
acl burst_attack sc0_http_err_rate(30s) gt 8 # >8 errors in 30 seconds acl burst_attack sc0_http_err_rate gt 8 # >8 errors in 10 seconds
acl sustained_attack sc0_http_err_rate(300s) gt 3 # >3 errors/min for 5 minutes acl sustained_attack sc0_get_gpc0 ge 15 # Multiple sustained errors
acl persistent_attack sc0_http_err_rate(3600s) gt 1 # >1 error/min for 1 hour acl persistent_attack sc0_get_gpc0 ge 30 # Persistent scanning
# Escalation levels (tracks how many times we've escalated this IP) # Escalation levels (tracks how many times we've escalated this IP)
acl escalation_level_0 sc0_get_gpc1 eq 0 acl escalation_level_0 sc0_get_gpc1 eq 0
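Review bot: the gpc0-based ACLs now overlap on a single axis: sustained_attack (ge 15), persistent_attack (ge 30) and critical_threat (ge 50, first line of this hunk) are all true once gpc0 reaches 50, whereas the old rate ACLs measured independent windows. Check that the http-request rules consuming these ACLs test the highest tier first, or use integer ranges such as `acl sustained_attack sc0_get_gpc0 15:29`, so an IP at 30 or more is not handled as merely sustained; also update the trailing comments (`# Multiple sustained errors`, `# Persistent scanning`), which still read like rate descriptions, to state the cumulative thresholds.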