jknapp
7eeba0d718
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 59s
This commit simplifies the HAProxy configuration by removing automatic threat detection and blocking rules while preserving essential functionality. Changes: - Removed all automatic ACL-based security rules (SQL injection detection, scanner detection, rate limiting, brute force protection, etc.) - Removed complex stick-table tracking with 15 GPC counters - Removed graduated threat response system (tarpit, deny based on threat scores) - Removed HTTP/2 security tuning parameters specific to threat detection - Commented out IP header forwarding in hap_backend_basic.tpl Preserved functionality: - Real client IP detection from proxy headers (CF-Connecting-IP, X-Real-IP, X-Forwarded-For) with proper fallback to source IP - Manual IP blocking via map file (/etc/haproxy/blocked_ips.map) - Runtime map updates for immediate blocking without reload - Backend IP forwarding capabilities (available in hap_backend.tpl) The configuration now focuses on manual IP blocking only, which can be managed through the API endpoints (/api/blocked-ips). 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>