Haproxy Monitoring or BLOCK DDOS
How to monitor or block DDOS in Haproxy https://www.haproxy.com/blog/introduction-to-haproxy-stick-tables/ Configuration to monitor access This configuration just will TAG the external IP in the abuse table, if need block something just remove the double #, to change the level of monitoring increase or reduce the number of connection level. # ABUSE SECTION works with http mode dependent on src ip ## tcp-request content reject if { src_get_gpc0(Abuse) gt 5000 } acl abuse src_http_req_rate(Abuse) ge 5000 acl flag_abuser src_inc_gpc0(Abuse) ge 100 acl scanner src_http_err_rate(Abuse) ge 5000 # Abuse protection. # Sources that are not filtered. tcp-request content accept if { src -f /etc/haproxy/whitelist.lst } # Sources rejected immeditely. tcp-request content reject if { src -f /etc/haproxy/blacklist.lst } # Limiting the connection rate per client. No more than 5000 connections over 3 seconds. ## tcp-request content reject if { ...
