Files
haproxy-manager-base/templates/hap_backend.tpl
jknapp 1eed03a3b6
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 51s
Add HAProxy tarpit escalation for exploit scanning protection
Implement progressive tarpit delays and threat detection to slow down
attackers scanning for exploits. Features include:

- Stick table to track attacks with 2-hour expiry
- Escalating tarpit delays based on threat level and repeat offenses
- Threat level detection (low/medium/high/critical) based on scan attempts
- Rate-based attack detection for burst/sustained/persistent attacks
- Automatic scan attempt tracking via HTTP error responses (400/401/403/404)
- Detection of suspicious paths (admin panels, config files, etc.)
- Trusted network bypass for local/monitoring systems
- Progressive escalation levels that increase tarpit duration
- Critical threat blocking with 429 status

The system uses HAProxy's built-in tarpit mechanism to delay responses
up to 60 seconds for persistent attackers, effectively slowing down
vulnerability scanners while maintaining service for legitimate users.

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-08-23 18:09:28 -07:00

25 lines
950 B
Smarty

backend {{ name }}-backend
option forwardfor
http-request add-header X-CLIENT-IP %[src]
{% if ssl_enabled %}http-request set-header X-Forwarded-Proto https if { ssl_fc }{% endif %}
# Define scanning attempt patterns
acl is_404_error status 404
acl is_403_error status 403
acl is_401_error status 401
acl is_400_error status 400
acl is_scan_attempt status 400 401 403 404
# Additional suspicious patterns
acl suspicious_path path_reg -i \.(php|asp|aspx|jsp|cgi)$
acl suspicious_path path_reg -i /(wp-admin|phpmyadmin|admin|login|xmlrpc)
acl suspicious_path path_reg -i \.(env|git|svn|backup|bak|old)
# Track scan attempts in the frontend stick table
http-response sc-inc-gpc0(0) if is_scan_attempt
{% for server in servers %}
server {{ server.server_name }} {{ server.server_address }}:{{ server.server_port }} {{ server.server_options }}
{% endfor %}