Commit Graph

9 Commits

Author SHA1 Message Date
5ce4f910c2 Fix tarpit to only apply AFTER backend error responses
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s
Corrected the tarpit logic flow to work as intended:

1. Backend tracks 400/401/403/404 error responses via http-response
2. Counter increments AFTER the backend responds with an error
3. Frontend checks counter on SUBSEQUENT requests
4. Tarpit/blocking only applies after error thresholds are reached:
   - 5+ errors: Potential scanner (no action yet)
   - 15+ errors: Likely scanner (tarpit if also burst traffic)
   - 30+ errors: Confirmed scanner (always tarpit)
   - 50+ errors: Aggressive scanner (block with 429)

This ensures:
- Normal traffic is never delayed
- First requests always go through normally
- Only clients that accumulate errors get progressively slowed/blocked
- The tarpit is a response to bad behavior, not a preemptive measure

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-23 18:48:21 -07:00
1eed03a3b6 Add HAProxy tarpit escalation for exploit scanning protection
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s
Implement progressive tarpit delays and threat detection to slow down
attackers scanning for exploits. Features include:

- Stick table to track attacks with 2-hour expiry
- Escalating tarpit delays based on threat level and repeat offenses
- Threat level detection (low/medium/high/critical) based on scan attempts
- Rate-based attack detection for burst/sustained/persistent attacks
- Automatic scan attempt tracking via HTTP error responses (400/401/403/404)
- Detection of suspicious paths (admin panels, config files, etc.)
- Trusted network bypass for local/monitoring systems
- Progressive escalation levels that increase tarpit duration
- Critical threat blocking with 429 status

The system uses HAProxy's built-in tarpit mechanism to delay responses
up to 60 seconds for persistent attackers, effectively slowing down
vulnerability scanners while maintaining service for legitimate users.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-23 18:09:28 -07:00
a7ce40f600 Fix server configuration templates - add proper newlines between server entries
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 40s
2025-07-13 01:21:19 -07:00
64c707317f Adding reload function and more tweaks for backends
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 48s
2025-03-09 10:59:03 -07:00
c27f7fb5e8 Adding httpchk options
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 37s
2025-03-07 17:19:22 -08:00
ff529be07f Fix Templates from causing errors with haproxy when added, Fix add notice when haproxy fails check
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 38s
2025-02-21 06:28:51 -08:00
0357a73770 cleanup template
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 37s
2025-02-20 17:13:25 -08:00
305fffba42 haproxy manager 2025-02-20 13:41:38 -08:00
9c52edd53a Not fully working, but saving progress 2025-02-19 07:53:26 -08:00