haproxy-manager-base

cloud-hosting-platform/haproxy-manager-base

Fork 0

Commit Graph

Author	SHA1	Message	Date
jknapp	0ee9e6cba8	Remove all ACL-to-ACL references for HAProxy 3.0.11 compatibility All checks were successful HAProxy Manager Build and Push / Build-and-Push (push) Successful in 50s Details Final fix for HAProxy 3.0.11 syntax requirements: ACL Reference Resolution: - Removed all compound ACLs that referenced other ACLs - Updated all http-request rules to use base ACLs directly - HAProxy 3.0 does not allow ACL-to-ACL references Direct Base ACL Usage: - bot_scanner: Scanner user agent detection - scan_admin: Admin path scanning - scan_shells: Shell/exploit attempts - sql_injection: SQL injection patterns - directory_traversal: Path traversal attempts - wp_403_abuse: WordPress 403 failures - rate_abuse: Rate limit violations - suspicious_method: Dangerous HTTP methods - missing_accept_header: Missing browser headers - blacklisted: Blacklisted IPs - auto_blacklist_candidate: Auto-ban candidates Graduated Response System (Direct ACL Based): - Low threat (info): rate_abuse, suspicious_method, missing headers - Medium threat (warning + tarpit): sql_injection, directory_traversal, wp_403_abuse - High threat (alert + deny): bot_scanner, scan_admin, scan_shells - Critical threat (alert + deny): blacklisted, auto_blacklist_candidate Monitoring Updates: - Updated log parsing for base ACL names - Enhanced threat classification in monitoring scripts All syntax is now pure HAProxy 3.0.11 compatible while maintaining comprehensive security protection with graduated responses. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-22 17:44:44 -07:00

Author

SHA1

Message

Date

jknapp

0ee9e6cba8

Remove all ACL-to-ACL references for HAProxy 3.0.11 compatibility

HAProxy Manager Build and Push / Build-and-Push (push) Successful in 50s

Details

Final fix for HAProxy 3.0.11 syntax requirements:

ACL Reference Resolution:
- Removed all compound ACLs that referenced other ACLs
- Updated all http-request rules to use base ACLs directly
- HAProxy 3.0 does not allow ACL-to-ACL references

Direct Base ACL Usage:
- bot_scanner: Scanner user agent detection
- scan_admin: Admin path scanning
- scan_shells: Shell/exploit attempts
- sql_injection: SQL injection patterns
- directory_traversal: Path traversal attempts
- wp_403_abuse: WordPress 403 failures
- rate_abuse: Rate limit violations
- suspicious_method: Dangerous HTTP methods
- missing_accept_header: Missing browser headers
- blacklisted: Blacklisted IPs
- auto_blacklist_candidate: Auto-ban candidates

Graduated Response System (Direct ACL Based):
- Low threat (info): rate_abuse, suspicious_method, missing headers
- Medium threat (warning + tarpit): sql_injection, directory_traversal, wp_403_abuse
- High threat (alert + deny): bot_scanner, scan_admin, scan_shells
- Critical threat (alert + deny): blacklisted, auto_blacklist_candidate

Monitoring Updates:
- Updated log parsing for base ACL names
- Enhanced threat classification in monitoring scripts

All syntax is now pure HAProxy 3.0.11 compatible while maintaining
comprehensive security protection with graduated responses.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-22 17:44:44 -07:00

1 Commits