Hi Yuan,

On 2015-02-12 17:39, Yuan wrote:
Hello Experts,

Our customer’s website has just been brought down by bots.bots
website aware.

base32+src can look at src + url.

I am not good at this. I am hoping I can get some help to create the
needed config. Can I do the below config ;

# Begin DDOS-Protection-Config
# Monitor the number of request sent by an IP over a period of 10 seconds
    stick-table type base32+src size 1m expire 10s store gpc0,http_req_rate(10s)
    tcp-request connection track-sc1 src
    # Refuses a new connection from an abuser
    tcp-request content reject if { src_get_gpc0 gt 0 }
    # Returns a 403 response for requests in an established connection
    http-request deny if { src_get_gpc0 gt 0 }

I think this config is wrong. Any help or tips or sample config using
base32+src possible. Maybe a Link where someone posted a sample config
using base32+src. I have both port 80 & port 443 with port 80 rewrite
to port 443.

Due to lack of time I can't help you that much but what you miss is increasing the gpc0 counter. You should take a look at "haproxy rate limiting" stuff, there are some good examples out there, e.g.:
http://brokenhaze.com/blog/2014/03/25/how-stack-exchange-gets-the-most-out-of-haproxy/

It's also pretty easy to test with a few shells, curl and socat.


I had some help from Willy about using base32+src which I understood
in theory but I am not good enough to convert that wonderful advice to
a workable config.

Best regards,
; Yuan

--
Regards,
Christian Ruppert
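
The point made in the reply above (nothing in the posted config ever increments gpc0), shown as an added example that is not part of the original thread and assumes HAProxy 1.5 or later. The frontend and backend names, the plain port 80 bind and the threshold of 20 requests per 10 seconds are assumptions; the table is keyed on base32+src so that counters are kept per source IP and per URL.

```haproxy
# Added example, not from the original e-mails. The names fe_web/be_web and
# the threshold of 20 requests per 10 seconds are hypothetical.
frontend fe_web
    bind :80
    mode http

    # base32+src is a sample fetch, not a table type. It returns a binary key:
    # a 32-bit hash of Host + path followed by the source address
    # (8 bytes for IPv4, 20 bytes for IPv6), so the table type is binary.
    # gpc0 is used as the "abuser" flag, http_req_rate(10s) as the rate counter.
    stick-table type binary len 20 size 1m expire 10s store gpc0,http_req_rate(10s)

    # The key needs the HTTP request, so tracking happens at the http-request
    # stage and not at "tcp-request connection", where only src is known.
    http-request track-sc1 base32+src

    # True when this source has exceeded the threshold on this URL.
    acl abuse       sc1_http_req_rate ge 20
    # Evaluating this ACL increments gpc0 for the tracked entry and is always
    # true. This is the step that was missing from the posted config.
    acl flag_abuser sc1_inc_gpc0 ge 0
    # True when the tracked entry has already been flagged.
    acl flagged     sc1_get_gpc0 gt 0

    # Returns a 403 to a source already flagged for this URL.
    http-request deny if flagged
    # Conditions are evaluated left to right, so gpc0 is only incremented
    # when "abuse" matched; the request that crosses the threshold is denied.
    http-request deny if abuse flag_abuser

    default_backend be_web
```

Because every tracked request refreshes the entry, a flagged source stays blocked on that URL until it has been quiet for the 10 second expire period.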
