jknapp
65248680a5
All checks were successful
HAProxy Manager Build and Push / Build-and-Push (push) Successful in 1m54s
Major syntax and configuration updates for HAProxy 3.0.11: Configuration Fixes: - Remove conflicting stick-table declarations in frontend - Move security tables to separate backend sections - Fix ACL syntax errors (missing_browser_headers → separate ACLs) - Remove unsupported add-var() syntax - Simplify threat scoring to use flags instead of cumulative values Security Table Architecture: - security_blacklist: 24h persistent offender tracking - wp_403_track: WordPress authentication failure monitoring - Separated from main frontend table to avoid conflicts Simplified Threat Detection: - low_threat: Rate abuse, suspicious methods, missing headers - medium_threat: SQL injection, directory traversal, WordPress brute force - high_threat: Bot scanners, admin scans, shell attempts - critical_threat: Blacklisted IPs, auto-blacklist candidates Response System: - Low threat: Warning headers only - Medium threat: Tarpit delays - High threat: Immediate deny (403) - Critical threat: Blacklist and deny Enhanced Compatibility: - Removed HAProxy 2.6-specific syntax - Updated to HAProxy 3.0.11 requirements - Maintained security effectiveness with simpler logic - Added security tables template integration The system maintains comprehensive protection while being compatible with HAProxy 3.0.11's stricter parsing and syntax requirements. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
6 lines
226 B
Smarty
6 lines
226 B
Smarty
# Security stick tables for multi-table tracking
|
|
backend security_blacklist
|
|
stick-table type ip size 20k expire 24h store gpc0,gpc1
|
|
|
|
backend wp_403_track
|
|
stick-table type ip size 50k expire 15m store http_err_rate(10s) |