jknapp
de3a68b59c
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 50s
The previous configuration was tarpiting all connections because the ACLs were overlapping (e.g., low_threat >= 3 would match everything above 3). Changes: - Add proper range checks for threat levels (e.g., >= 3 AND < 10 for low) - Simplify tarpit logic to only apply when scan attempts are detected - Remove complex escalation levels (not working properly in HAProxy 3.0) - Only tarpit connections with 3+ scan attempts or burst attacks - Critical threats (50+ attempts) get immediate 429 block This ensures normal traffic flows through without delay while actual scanners and attackers get tarpited based on their behavior. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>