Josh Knapp
5390ebb8a6
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m22s
Previous thresholds (200/500 req/10s) were too aggressive — WordPress login pages with their CSS/JS/image assets can easily burst 30-50 requests per page load, triggering tarpits and blocks on legitimate users. New thresholds: - Request rate: tarpit at 1000/10s (100 req/s), block at 2000/10s (200 req/s) - Connection rate: 300/10s (was 150) - Concurrent connections: 200 (was 100) - Error rate: 50/30s (was 20) These still catch real floods and scanners while giving normal web traffic plenty of headroom. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>