haproxy-manager-base

cloud-hosting-platform/haproxy-manager-base

Fork 0

Commit Graph

Author	SHA1	Message	Date
jknapp	65248680a5	Fix HAProxy 3.0.11 compatibility issues All checks were successful HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m54s Details Major syntax and configuration updates for HAProxy 3.0.11: Configuration Fixes: - Remove conflicting stick-table declarations in frontend - Move security tables to separate backend sections - Fix ACL syntax errors (missing_browser_headers → separate ACLs) - Remove unsupported add-var() syntax - Simplify threat scoring to use flags instead of cumulative values Security Table Architecture: - security_blacklist: 24h persistent offender tracking - wp_403_track: WordPress authentication failure monitoring - Separated from main frontend table to avoid conflicts Simplified Threat Detection: - low_threat: Rate abuse, suspicious methods, missing headers - medium_threat: SQL injection, directory traversal, WordPress brute force - high_threat: Bot scanners, admin scans, shell attempts - critical_threat: Blacklisted IPs, auto-blacklist candidates Response System: - Low threat: Warning headers only - Medium threat: Tarpit delays - High threat: Immediate deny (403) - Critical threat: Blacklist and deny Enhanced Compatibility: - Removed HAProxy 2.6-specific syntax - Updated to HAProxy 3.0.11 requirements - Maintained security effectiveness with simpler logic - Added security tables template integration The system maintains comprehensive protection while being compatible with HAProxy 3.0.11's stricter parsing and syntax requirements. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>	2025-09-22 17:29:32 -07:00

Author

SHA1

Message

Date

jknapp

65248680a5

Fix HAProxy 3.0.11 compatibility issues

HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m54s

Details

Major syntax and configuration updates for HAProxy 3.0.11:

Configuration Fixes:
- Remove conflicting stick-table declarations in frontend
- Move security tables to separate backend sections
- Fix ACL syntax errors (missing_browser_headers → separate ACLs)
- Remove unsupported add-var() syntax
- Simplify threat scoring to use flags instead of cumulative values

Security Table Architecture:
- security_blacklist: 24h persistent offender tracking
- wp_403_track: WordPress authentication failure monitoring
- Separated from main frontend table to avoid conflicts

Simplified Threat Detection:
- low_threat: Rate abuse, suspicious methods, missing headers
- medium_threat: SQL injection, directory traversal, WordPress brute force
- high_threat: Bot scanners, admin scans, shell attempts
- critical_threat: Blacklisted IPs, auto-blacklist candidates

Response System:
- Low threat: Warning headers only
- Medium threat: Tarpit delays
- High threat: Immediate deny (403)
- Critical threat: Blacklist and deny

Enhanced Compatibility:
- Removed HAProxy 2.6-specific syntax
- Updated to HAProxy 3.0.11 requirements
- Maintained security effectiveness with simpler logic
- Added security tables template integration

The system maintains comprehensive protection while being compatible
with HAProxy 3.0.11's stricter parsing and syntax requirements.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>

2025-09-22 17:29:32 -07:00

1 Commits