haproxy-manager-base

cloud-hosting-platform/haproxy-manager-base

Fork 0

Commit Graph

Author	SHA1	Message	Date
jknapp	948fdecf52	Update all backend templates with real IP forwarding and scan detection All checks were successful HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s Details Extends the tarpit protection and real IP handling to all backend templates, ensuring consistent behavior across different backend configurations. Changes to all backend templates: - Pass real client IP via X-CLIENT-IP and X-Real-IP headers - Use var(txn.real_ip) which contains the actual client IP (from proxy headers or direct) - Add scan attempt detection (400/401/403/404 errors) - Track suspicious paths (admin panels, config files, etc.) - Increment error counters for tarpit decisions Updated templates: - hap_backend.tpl: Main backend template - hap_backend_http_check.tpl: Backend with HTTP health checks - hap_backend_basic.tpl: Minimal backend configuration Benefits: - Backend applications receive the real client IP, not proxy IPs - All backend types now contribute to scan detection - Consistent security across different backend configurations - Works seamlessly with Cloudflare and other CDNs 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-08-24 06:59:26 -07:00
jknapp	a7ce40f600	Fix server configuration templates - add proper newlines between server entries All checks were successful HAProxy Manager Build and Push / Build-and-Push (push) Successful in 40s Details	2025-07-13 01:21:19 -07:00
jknapp	64c707317f	Adding reload function and more tweaks for backends All checks were successful HAProxy Manager Build and Push / Build-and-Push (push) Successful in 48s Details	2025-03-09 10:59:03 -07:00

Author

SHA1

Message

Date

jknapp

948fdecf52

Update all backend templates with real IP forwarding and scan detection

HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s

Details

Extends the tarpit protection and real IP handling to all backend templates,
ensuring consistent behavior across different backend configurations.

Changes to all backend templates:
- Pass real client IP via X-CLIENT-IP and X-Real-IP headers
- Use var(txn.real_ip) which contains the actual client IP (from proxy headers or direct)
- Add scan attempt detection (400/401/403/404 errors)
- Track suspicious paths (admin panels, config files, etc.)
- Increment error counters for tarpit decisions

Updated templates:
- hap_backend.tpl: Main backend template
- hap_backend_http_check.tpl: Backend with HTTP health checks
- hap_backend_basic.tpl: Minimal backend configuration

Benefits:
- Backend applications receive the real client IP, not proxy IPs
- All backend types now contribute to scan detection
- Consistent security across different backend configurations
- Works seamlessly with Cloudflare and other CDNs

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-08-24 06:59:26 -07:00

jknapp

a7ce40f600

Fix server configuration templates - add proper newlines between server entries

HAProxy Manager Build and Push / Build-and-Push (push) Successful in 40s

Details

2025-07-13 01:21:19 -07:00

jknapp

64c707317f

Adding reload function and more tweaks for backends

HAProxy Manager Build and Push / Build-and-Push (push) Successful in 48s

Details

2025-03-09 10:59:03 -07:00

3 Commits