How TECH

How to monitor or block DDOS in Haproxy https://www.haproxy.com/blog/introduction-to-haproxy-stick-tables/ Configuration to monitor access This configuration just will TAG the external IP in the   abuse table, if need block something just remove the double #, to change the level of monitoring increase or reduce the number of connection   level. # ABUSE SECTION works with http mode dependent on src ip ## tcp-request content reject if { src_get_gpc0(Abuse) gt 5000 } acl abuse src_http_req_rate(Abuse) ge 5000 acl flag_abuser src_inc_gpc0(Abuse) ge 100 acl scanner src_http_err_rate(Abuse) ge 5000 # Abuse protection. # Sources that are not filtered. tcp-request content accept if { src -f /etc/haproxy/whitelist.lst } # Sources rejected immeditely. tcp-request content reject if { src -f /etc/haproxy/blacklist.lst } # Limiting the connection rate per client. No more than 5000 connections over 3 seconds. ## tcp-request content reject if { ...

A problem in WordPress SSL HAPROXY Have a problem to put your SSL in your WordPress using HAPROXY as a reverse proxy? To resolve this is simple Add in  wp-config.php define('FORCE_SSL_ADMIN', true); define('FORCE_SSL_LOGIN', true); if ($_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https') $_SERVER['HTTPS']='on'; Add this in your haproxy. frontend webfront mode http bind 0.0.0.0:443 ssl crt /etc/haproxy/certs.d reqadd X-Forwarded-Proto:\ https ... ... Make sure to use option http-server-close  as well or the reqadd setting might not work as expected.

Error in haproxy with lets encrypt error msg bind *:443' : inconsistencies between private key and certificate loaded from PEM file '/etc/letsencrypt/live/ Need to create a new file cat cert.pem privkey.pem > haproxy_cert.pem Add in haproxy frontend www         bind *:80         bind *:443  ssl crt /etc/letsencrypt/live/mydomain.com/haproxy_cert.pem and make a test haproxy -c -V -f /etc/haproxy/haproxy.cfg