Hi Yuan, On 2015-02-12 17:39, Yuan wrote:
> Hello Experts,
>
> Our customer's website has just been brought down by bots. The bots are website-aware; base32+src can look at src + url. I am not good at this. I am hoping I can get some help to create the needed config. Can I do the below config?
>
>     # Begin DDOS-Protection-Config
>     # Monitor the number of request sent by an IP over a period of 10 seconds
>     stick-table type base32+src size 1m expire 10s store gpc0,http_req_rate(10s)
>     tcp-request connection track-sc1 src
>     # Refuses a new connection from an abuser
>     tcp-request content reject if { src_get_gpc0 gt 0 }
>     # Returns a 403 response for requests in an established connection
>     http-request deny if { src_get_gpc0 gt 0 }
>
> I think this config is wrong. Any help or tips or sample config using base32+src possible? Maybe a link where someone posted a sample config using base32+src. I have both port 80 & port 443, with port 80 rewritten to port 443.
Due to lack of time I can't help you that much, but what you miss is increasing the gpc0 counter. You should take a look at "haproxy rate limiting" stuff, there are some good examples out there, e.g.:

http://brokenhaze.com/blog/2014/03/25/how-stack-exchange-gets-the-most-out-of-haproxy/

It's also pretty easy to test with a few shells, curl and socat.
> I had some help from Willy about using base32+src which I understood in theory but I am not good enough to convert that wonderful advice to a workable config.
>
> Best regards,
> Yuan
-- Regards, Christian Ruppert
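For reference, here is a complete version of the pattern Christian points to, written as an added example for this thread and not taken from Yuan's, Willy's or Christian's config: it adds the gpc0 increment the posted config lacks, and tracks base32+src in a binary table (a stick-table cannot be "type base32+src"; the fetch returns a 20-byte binary key). Table names, thresholds, the certificate path and the origin server are assumptions.

```haproxy
# Table keyed on URL hash + source address: catches a bot hammering one page
# (base32+src is binary, 4-byte URL hash + source address padded to 16 bytes)
backend per_url_src
    stick-table type binary len 20 size 1m expire 10s store http_req_rate(10s)

# Table keyed on source address alone: holds the abuser flag in gpc0
backend abusers
    stick-table type ip size 1m expire 1h store gpc0

frontend www
    mode http
    bind :80
    bind :443 ssl crt /etc/haproxy/site.pem   # assumed certificate path

    # Refuse new connections from addresses already flagged as abusers
    tcp-request connection reject if { src_get_gpc0(abusers) gt 0 }

    # sc0 follows URL+source, sc1 follows the source address alone
    http-request track-sc0 base32+src table per_url_src
    http-request track-sc1 src table abusers

    # More than 20 hits on the same URL from one address within 10 seconds
    acl abuse        sc0_http_req_rate gt 20
    # Side-effect ACL: increments gpc0 for the source and is always true,
    # so it only runs when the ACLs before it in the condition matched
    acl flag_abuser  sc1_inc_gpc0 ge 0
    acl blocked      sc1_get_gpc0 gt 0

    # Already flagged: 403.  Over the limit: flag the address, then 403.
    http-request deny if blocked
    http-request deny if abuse flag_abuser

    # Port 80 -> 443 rewrite, as in Yuan's setup
    redirect scheme https code 301 if !{ ssl_fc }
    default_backend app

backend app
    server web1 127.0.0.1:8080   # assumed origin server
```

Flagged addresses are rejected at connection time for as long as their entry lives in the abusers table (1h here), so lower that expire while testing with curl.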