Hi there,

I’m seeing some traffic from what appears to be bad actors and am
wanting to block them.  I see this in the existing config but being
new to haproxy, it doesn’t seem like it’s configured correctly but I’m
not sure:

frontend main
        bind :80
        acl bad_ip src
        acl bad_ip_proxy hdr_ip(X-Forwarded-For)
        tcp-request connection reject if bad_ip || bad_ip_proxy

I’m presuming the ‘acl bad_ip src’ is missing the actual source definitions?

This is the type of traffic I’m wanting to block:

GET /REDACTED/ HTTP/1.1
Host: REDACTED
Accept: text/html,text/plain,text/xml,text/*,application/xml,application/xhtml+xml,application/rss+xml,application/atom+xml,application/rdf+xml,application/php,application/x-php,application/x-httpd-php
User-Agent: Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)
Accept-Encoding: br,gzip
Accept-Language: cs
X-Forwarded-Proto: https
X-SSL: 1
X-Forwarded-For: 65.21.233.213, 10.1.12.132
Via: 1.1 REDACTED
X-Forwarded-Host: REDACTED
X-Forwarded-Server: REDACTED
Connection: close

You can see the source listed (65.21.233.213) has a bad IP reputation:

https://www.abuseipdb.com/check/65.21.233.213

I'm running haproxy 1.8 which I know is EOL'ed but thank you very much
for any help!

Best regards
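
An added example, not part of the original message or the poster's config: the frontend above with patterns supplied for both ACLs and the header match moved to an HTTP-level rule. It assumes the frontend runs in HTTP mode; the blocklist file path is hypothetical.

```haproxy
# Added example, not the poster's configuration.
frontend main
        bind :80
        mode http   # assumption: may already be inherited from "defaults"

        # An ACL needs at least one pattern after the fetch keyword:
        # addresses or CIDR ranges inline, and/or a file with one per line.
        # Several "acl" lines with the same name are ORed together.
        acl bad_ip       src 65.21.233.213
        acl bad_ip_proxy hdr_ip(X-Forwarded-For) 65.21.233.213

        # Optional: load a longer list from a file (hypothetical path;
        # the file must exist or haproxy will refuse to start).
        # acl bad_ip       src -f /etc/haproxy/blocklist.lst
        # acl bad_ip_proxy hdr_ip(X-Forwarded-For) -f /etc/haproxy/blocklist.lst

        # Layer 4: runs when the connection is accepted, before any request
        # data is read, so only the peer address (src) can be tested here.
        tcp-request connection reject if bad_ip

        # Layer 7: runs after the request is parsed, so headers are available.
        # In an ACL, hdr_ip checks every address listed in the header, so
        # "65.21.233.213, 10.1.12.132" matches on its first entry.
        http-request deny if bad_ip_proxy
```

Validate the file with haproxy -c -f <config file> before reloading. If HAProxy sits behind another proxy, src is that proxy's address, and X-Forwarded-For is only trustworthy when a proxy you control sets or overwrites it.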
