Implement progressive tarpit delays and threat detection to slow down attackers scanning for exploits.

Features include:
- Stick table to track attacks with 2-hour expiry
- Escalating tarpit delays based on threat level and repeat offenses
- Threat level detection (low/medium/high/critical) based on scan attempts
- Rate-based attack detection for burst/sustained/persistent attacks
- Automatic scan attempt tracking via HTTP error responses (400/401/403/404)
- Detection of suspicious paths (admin panels, config files, etc.)
- Trusted network bypass for local/monitoring systems
- Progressive escalation levels that increase tarpit duration
- Critical threat blocking with 429 status

The system uses HAProxy's built-in tarpit mechanism to delay responses up to 60 seconds for persistent attackers, effectively slowing down vulnerability scanners while maintaining service for legitimate users.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
25 lines
950 B
Smarty
```
backend {{ name }}-backend
    option forwardfor
    http-request add-header X-CLIENT-IP %[src]
    {% if ssl_enabled %}http-request set-header X-Forwarded-Proto https if { ssl_fc }{% endif %}

    # Define scanning attempt patterns
    acl is_404_error status 404
    acl is_403_error status 403
    acl is_401_error status 401
    acl is_400_error status 400
    acl is_scan_attempt status 400 401 403 404

    # Additional suspicious patterns
    acl suspicious_path path_reg -i \.(php|asp|aspx|jsp|cgi)$
    acl suspicious_path path_reg -i /(wp-admin|phpmyadmin|admin|login|xmlrpc)
    acl suspicious_path path_reg -i \.(env|git|svn|backup|bak|old)

    # Track scan attempts in the frontend stick table
    http-response sc-inc-gpc0(0) if is_scan_attempt

    {% for server in servers %}
    server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
    {% endfor %}
```
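An added example (not part of the repository) that replays constructed requests through the template's `suspicious_path` patterns and `is_scan_attempt` status set, to see which legitimate requests they would also catch before the counters drive tarpit decisions. It assumes Python's `re` treats these three patterns the same way HAProxy's regex engine does; the function names and sample traffic are illustrative.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# The three suspicious_path patterns from the backend template (path_reg -i).
SUSPICIOUS_PATH = [re.compile(p, re.IGNORECASE) for p in (
    r"\.(php|asp|aspx|jsp|cgi)$",
    r"/(wp-admin|phpmyadmin|admin|login|xmlrpc)",
    r"\.(env|git|svn|backup|bak|old)",
)]
SCAN_STATUSES = {400, 401, 403, 404}  # acl is_scan_attempt


def is_suspicious_path(uri):
    """HAProxy's `path` fetch excludes the query string, so strip it first."""
    path = urlsplit(uri).path
    return any(rx.search(path) for rx in SUSPICIOUS_PATH)


def replay(requests):
    """Return (gpc0 per source, suspicious URIs per source)."""
    gpc0, flagged = Counter(), {}
    for src, uri, status in requests:
        if status in SCAN_STATUSES:  # mirrors http-response sc-inc-gpc0(0)
            gpc0[src] += 1
        if is_suspicious_path(uri):
            flagged.setdefault(src, []).append(uri)
    return gpc0, flagged


# Constructed sample traffic: (source, request URI, response status).
SAMPLE = [
    ("203.0.113.7", "/wp-admin/setup-config.php", 404),
    ("203.0.113.7", "/.env", 404),
    ("203.0.113.7", "/.git/config", 403),
    ("198.51.100.20", "/login", 200),                        # normal sign-in page
    ("198.51.100.20", "/blog/administering-haproxy", 200),   # "/admin" prefix match
    ("198.51.100.20", "/favicon.ico", 404),                  # benign 404 still counts
    ("198.51.100.20", "/search?q=index.php", 200),           # query string is ignored
]

if __name__ == "__main__":
    gpc0, flagged = replay(SAMPLE)
    for src in sorted(gpc0):
        print(src, "gpc0 =", gpc0[src], "suspicious =", flagged.get(src, []))
```

The second source is an ordinary visitor in this constructed data, yet it increments `gpc0` once and matches `suspicious_path` twice, which is the kind of overlap to measure against real access logs before tightening thresholds.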