Files
jknapp 948fdecf52
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s
Update all backend templates with real IP forwarding and scan detection
Extends the tarpit protection and real IP handling to all backend templates,
ensuring consistent behavior across different backend configurations.

Changes to all backend templates:
- Pass real client IP via X-CLIENT-IP and X-Real-IP headers
- Use var(txn.real_ip) which contains the actual client IP (from proxy headers or direct)
- Add scan attempt detection (400/401/403/404 errors)
- Track suspicious paths (admin panels, config files, etc.)
- Increment error counters for tarpit decisions

Updated templates:
- hap_backend.tpl: Main backend template
- hap_backend_http_check.tpl: Backend with HTTP health checks
- hap_backend_basic.tpl: Minimal backend configuration

Benefits:
- Backend applications receive the real client IP, not proxy IPs
- All backend types now contribute to scan detection
- Consistent security across different backend configurations
- Works seamlessly with Cloudflare and other CDNs

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-24 06:59:26 -07:00
..
2025-02-20 13:41:38 -08:00