Commit Graph

  • 220b28f0c4 haproxy: use req.hdr_ip for real-IP resolution (string-IP crashed Coraza SPOA) [main] Josh Knapp 2026-05-14 08:57:05 -07:00
  • 9770398ab0 coraza: pass var(txn.real_ip) instead of src to Coraza (real client IP in WAF logs) Josh Knapp 2026-05-14 08:52:01 -07:00
  • 633d9390f2 coraza: pin go.mod to 1.23 (matches go mod tidy output; Dockerfile still uses 1.25 image) Josh Knapp 2026-05-14 08:08:38 -07:00
  • 6d43308073 coraza: pre-CRS Include for runtime per-host exemptions (load-order fix) Josh Knapp 2026-05-14 07:55:51 -07:00
  • 489290ed33 coraza: ship rules-catalog.json generated from bundled CRS at build time Josh Knapp 2026-05-14 06:57:42 -07:00
  • b2adcdbed9 coraza: reserve rule-ID range 990000000-990999999 for WHP-generated rules Josh Knapp 2026-05-14 06:53:37 -07:00
  • 1f1bc1837e coraza: add second Include for runtime-managed local-overrides.conf Josh Knapp 2026-05-14 06:51:24 -07:00
  • 753743de20 coraza: drop 913xxx scanner-UA from enforce list (FP on Mastodon + SiteLock) Josh Knapp 2026-05-13 19:13:22 -07:00
  • 5e5234cb14 refactor(suspension): serve via /suspended route on default-backend, drop bk_suspended Josh Knapp 2026-05-13 12:08:45 -07:00
  • 6fd07b4c54 fix(suspended): tolerate startup DNS failure + use docker_dns resolvers Josh Knapp 2026-05-13 11:52:50 -07:00
  • 2ef582a3de feat(suspension): opt-in routing for suspended hosts via bk_suspended backend Josh Knapp 2026-05-13 11:46:18 -07:00
  • 3572c66fb7 coraza: promote 920440 + 930130 to enforce list (empirical detect-only data) Josh Knapp 2026-05-12 18:00:21 -07:00
  • ba4c101135 fix(coraza): add deny rules that act on Coraza's verdict + spop-check on backend Josh Knapp 2026-05-12 17:16:03 -07:00
  • f1e9bb2c63 fix(coraza-spoe): match upstream's required spoe shape (groups, arg order, names) Josh Knapp 2026-05-12 17:12:09 -07:00
  • 061309675b fix(coraza-spoe): collapse args to one line + ensure trailing LF on spoe cfg Josh Knapp 2026-05-12 17:07:12 -07:00
  • 4769f67fe9 fix(coraza): ensure haproxy.cfg ends with LF when SPOE backend appended Josh Knapp 2026-05-12 17:03:56 -07:00
  • 3e1f9dda2b fix(template): strip Jinja2 whitespace so no-env-var listener is byte-identical Josh Knapp 2026-05-12 16:59:40 -07:00
  • 73b9104565 PR 2/3: opt-in SPOE integration for Coraza WAF Josh Knapp 2026-05-12 16:49:29 -07:00
  • 4e0c22e9c9 ci: mirror golang:1.25 alongside python:3.12-slim, switch coraza-spoa FROM Josh Knapp 2026-05-12 16:40:42 -07:00
  • e4c506bcd9 PR 1/3: add coraza-spoa sidecar image Josh Knapp 2026-05-12 16:28:44 -07:00
  • 55670daf5b ci: add weekly Gitea Action to mirror python:3.12-slim into in-house registry Josh Knapp 2026-05-12 16:18:32 -07:00
  • 5a2ebf991c ci: mirror python:3.12-slim into in-house registry Josh Knapp 2026-05-12 16:08:44 -07:00
  • bdd7d2f098 swap werkzeug dev server for gunicorn + accept all HTTP methods on default/blocked pages Josh Knapp 2026-05-12 15:24:28 -07:00
  • 8a86beac73 feat: clear stale certbot lock files before each ACME run + at startup Josh Knapp 2026-05-09 12:09:19 -07:00
  • f7ef34b988 feat(api/ssl/bundle): clean up superseded lineages after issuance Josh Knapp 2026-05-09 11:58:21 -07:00
  • 90255cc4b3 feat(api): add /api/ssl/bundle for per-site SAN cert issuance Josh Knapp 2026-05-09 11:32:15 -07:00
  • b731feab12 Self-heal trusted IP whitelist files at startup Josh Knapp 2026-04-30 10:02:16 -07:00
  • 615044fa14 Fix resolvers block placement — must be outside global section Josh Knapp 2026-04-02 05:18:48 -07:00
  • cf4eb5092c Add DNS resolver for automatic container IP re-resolution Josh Knapp 2026-04-01 22:27:07 -07:00
  • ecf891ff02 Don't abort cert renewal when a single domain fails Josh Knapp 2026-04-01 15:17:15 -07:00
  • 3da5df67d0 Update CLAUDE.md with HAProxy hardening and AI log monitor docs Josh Knapp 2026-04-01 08:16:44 -07:00
  • da40328438 Fix: remove comments from trusted IP files breaking HAProxy startup Josh Knapp 2026-03-31 14:19:29 -07:00
  • 13a5be636e Raise rate limits further for media-heavy sites Josh Knapp 2026-03-31 14:12:24 -07:00
  • 5390ebb8a6 Raise rate limit thresholds to avoid false positives on normal traffic Josh Knapp 2026-03-31 14:10:53 -07:00
  • 53d259bd3f Add trusted IP whitelist for rate limit bypass Josh Knapp 2026-03-31 13:39:41 -07:00
  • 2ba8f87c2c Raise connection rate limit from 60 to 150 per 10s Josh Knapp 2026-03-31 12:25:53 -07:00
  • a3b19ce352 Add rate limiting, connection limits, and timeout hardening Josh Knapp 2026-03-31 10:00:53 -07:00
  • 94af4e47c1 Add Host header capture to frontend for connection debugging jknapp 2026-02-26 15:31:14 -08:00
  • 124a5373d2 Fix wildcard SSL cert: find certbot -NNNN dirs and use _wildcard_ filename jknapp 2026-02-20 06:38:28 -08:00
  • 657cd28344 Fix certbot hook script paths and add logging jknapp 2026-02-20 06:18:14 -08:00
  • 91c92dd07e Add wildcard domain support with DNS-01 ACME challenge flow jknapp 2026-02-19 13:04:32 -08:00
  • 6cd64295d2 Add separate SSE backend for secure Server-Sent Events support Josh Knapp 2025-12-26 13:48:24 -08:00
  • eadd6b798f Adding support for SSE Streaming Josh Knapp 2025-12-26 13:07:29 -08:00
  • 6902daaea1 Add automatic SSE detection and support to backend template Josh Knapp 2025-12-26 13:02:04 -08:00
  • 1fcb25bb88 Update SQL logic to update instead of delete and re-add Josh Knapp 2025-12-18 12:23:06 -08:00
  • bff18d358b Remove set -e and database dependency from certificate scripts Josh Knapp 2025-11-21 08:50:24 -08:00
  • 1d22d789b8 Simplify certificate renewal scripts and add certbot cleanup Josh Knapp 2025-11-20 09:56:56 -08:00
  • adc20d6d0b Improve certificate renewal script with atomic file updates jknapp 2025-11-19 19:27:40 -08:00
  • 71f4b9ef05 Add CIDR notation support for IP blocking Josh Knapp 2025-11-17 12:07:32 -08:00
  • 8d732318b4 Fix certificate renewal to properly update HAProxy combined certificate files Josh Knapp 2025-11-11 20:10:58 -08:00
  • 7eeba0d718 Remove ACL-based security protections to eliminate false positives jknapp 2025-11-03 15:35:25 -08:00
  • 76b2e85ca8 Fix certificate renewal cron job and add host-side scheduling jknapp 2025-10-28 17:36:48 -07:00
  • 288f4eb8a9 adding net-tools to allow connection number tracking jknapp 2025-10-09 18:42:44 -07:00
  • 8636b69ee1 Fix AWK syntax errors in monitoring scripts jknapp 2025-09-22 19:42:54 -07:00
  • 4c4e99883b Fix table reference and log-format response header issues jknapp 2025-09-22 18:49:50 -07:00
  • b293588eef Fix log-format multiline syntax causing parsing errors jknapp 2025-09-22 18:45:43 -07:00
  • b55a2fa691 Fix ACL compound reference error for xmlrpc abuse detection jknapp 2025-09-22 18:39:37 -07:00
  • 2889fda014 Fix HAProxy 3.0.11 variable comparison syntax in conditions jknapp 2025-09-22 18:34:45 -07:00
  • 78ebfef497 Fix HAProxy 3.0.11 syntax errors in security templates jknapp 2025-09-22 18:17:36 -07:00
  • cfabd39727 Implement HAProxy 3.0.11 enterprise-grade security enhancements jknapp 2025-09-22 17:51:44 -07:00
  • 0ee9e6cba8 Remove all ACL-to-ACL references for HAProxy 3.0.11 compatibility jknapp 2025-09-22 17:44:44 -07:00
  • ee8223c25f Complete HAProxy 3.0.11 syntax fixes for ACL and sc-inc errors jknapp 2025-09-22 17:37:16 -07:00
  • 65248680a5 Fix HAProxy 3.0.11 compatibility issues jknapp 2025-09-22 17:29:32 -07:00
  • 0a75d1b44e Implement advanced threat scoring and multi-table security system jknapp 2025-09-22 17:13:26 -07:00
  • e2f350ce95 Add comprehensive anti-scan and brute force protection jknapp 2025-09-22 16:50:35 -07:00
  • 002e79b565 Fix cron entry syntax in Dockerfile for HAProxy reload jknapp 2025-09-22 14:49:45 -07:00
  • 402c48b4a0 Remove 40X rate limiting from HAProxy to prevent false positives jknapp 2025-08-30 08:54:55 -07:00
  • 8c7031fd6d Fix HAProxy ACL syntax errors in backend templates jknapp 2025-08-25 12:45:13 -07:00
  • 31801a6c1d Make scan detection more targeted to avoid false positives jknapp 2025-08-25 12:39:15 -07:00
  • 6a4379c4a1 Add safeguards to prevent false positive blocking jknapp 2025-08-25 11:09:57 -07:00
  • e54b4b4afe Implement progressive protection: tarpit → silent-drop → block jknapp 2025-08-25 06:42:09 -07:00
  • 0a4995266c Simplify tarpit implementation for HAProxy 3.0 compatibility jknapp 2025-08-25 06:33:21 -07:00
  • 2cd1db7461 Fix HAProxy 3.0 tarpit timeout syntax error jknapp 2025-08-25 06:17:08 -07:00
  • b88da4c58f Implement HAProxy tarpit escalation and CLI monitoring jknapp 2025-08-24 19:33:10 -07:00
  • 948fdecf52 Update all backend templates with real IP forwarding and scan detection jknapp 2025-08-24 06:59:26 -07:00
  • 2b31fb9f4f Add real client IP detection for proxy/CDN environments jknapp 2025-08-24 06:51:00 -07:00
  • 5ce4f910c2 Fix tarpit to only apply AFTER backend error responses jknapp 2025-08-23 18:48:21 -07:00
  • de3a68b59c Fix tarpit applying to all connections - use proper threat ranges jknapp 2025-08-23 18:44:19 -07:00
  • f3569402d3 Fix HAProxy 3.0 stick-table and ACL syntax errors jknapp 2025-08-23 18:36:02 -07:00
  • 99435ee3e0 Fix HAProxy 3.0 compatibility issues in tarpit configuration jknapp 2025-08-23 18:30:34 -07:00
  • 1eed03a3b6 Add HAProxy tarpit escalation for exploit scanning protection jknapp 2025-08-23 18:09:28 -07:00
  • 2406d9f995 Add 403 status to blocked IP page and reload HAProxy on IP block/unblock jknapp 2025-08-22 10:06:04 -07:00
  • 15c7f40b2e Fix bug with haproxy config for blocked address jknapp 2025-08-22 09:48:24 -07:00
  • 58fa6d8aba Update blocked IP handling to use custom blocked page with 403 status jknapp 2025-08-22 08:36:57 -07:00
  • 7869b81f27 CRITICAL FIX: Migrate HAProxy IP blocking from ACL to map files jknapp 2025-08-22 08:31:17 -07:00
  • ca37a68255 Add IP blocking functionality to HAProxy Manager jknapp 2025-08-21 18:32:47 -07:00
  • a7ce40f600 Fix server configuration templates - add proper newlines between server entries jknapp 2025-07-13 01:21:19 -07:00
  • d4f54aef35 Fix HAProxy crash loop and improve startup resilience jknapp 2025-07-11 19:37:41 -07:00
  • fac6cef0db Fix HAProxy 2.6 compatibility for default backend jknapp 2025-07-11 19:27:42 -07:00
  • 27f3f8959b Add default backend page for unmatched domains jknapp 2025-07-11 19:10:05 -07:00
  • ef488a253d Add /api/certificates/request endpoint for programmatic certificate requests, update docs and add test script jknapp 2025-07-11 17:14:01 -07:00
  • 7b0b4c0476 Major upgrade: API key authentication, certificate renewal/download endpoints, monitoring/alerting scripts, improved logging, and documentation updates. See UPGRADE_SUMMARY.md for details. jknapp 2025-07-11 06:24:56 -07:00
  • f58dbef3c5 Merge pull request 'Update Cron' (#2) from update-cron into main jknapp 2025-05-30 18:16:47 +00:00
  • ac32141b34 Update Cron Josh Knapp 2025-05-30 11:16:12 -07:00
  • bbd6a0c22c Update README jknapp 2025-05-30 00:03:17 +00:00
  • 71b8085fb4 Merge pull request 'Fixing reload issue' (#1) from fix-reload into main jknapp 2025-04-18 23:53:17 +00:00
  • 7550df9890 Fixing reload issue [fix-reload] jknapp 2025-04-18 16:52:57 -07:00
  • 8ae1a6b99f debug reload jknapp 2025-03-09 11:56:18 -07:00
  • 9de12c72de added missing return jknapp 2025-03-09 11:11:35 -07:00
  • cb58f1d762 Switch reload from post to get jknapp 2025-03-09 11:07:21 -07:00