HAProxy DDoS Protection config



frontend public
    bind *:80

    # table used to store behaviour of source IPs
    stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)

    # IPs that have gpc0 > 0 are blocked until they go away for at least 5 minutes
    acl source_is_abuser src_get_gpc0 gt 0
    tcp-request connection reject if source_is_abuser

    # connection rate abuses get blocked
    acl conn_rate_abuse sc1_conn_rate gt 30
    acl mark_as_abuser   sc1_inc_gpc0  gt 0
    tcp-request connection track-sc1 src
    tcp-request connection reject if conn_rate_abuse mark_as_abuser
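To see which sources this frontend has marked, the stick table can be dumped with the Runtime API command `show table public` (this assumes a stats socket is enabled) and checked against the thresholds above. The script below is an added example, not part of the original post: the dump is a constructed sample whose line layout is assumed from HAProxy's usual output, and `parse_table`, `classify` and `WARN_RATIO` are hypothetical names.

```python
import re

# Constructed sample of `show table public` output; the IPs are documentation
# ranges and the line layout is an assumption based on HAProxy's usual dump format.
SAMPLE = """\
# table: public, type: ip, size:204800, used:3
0x55d1c0a1f2b0: key=192.0.2.10 use=0 exp=298112 gpc0=1 conn_rate(10000)=41
0x55d1c0a1f3c0: key=198.51.100.7 use=1 exp=299870 gpc0=0 conn_rate(10000)=27
0x55d1c0a1f4d0: key=203.0.113.5 use=0 exp=120034 gpc0=0 conn_rate(10000)=2
"""

CONN_RATE_LIMIT = 30  # from the config: sc1_conn_rate gt 30
WARN_RATIO = 0.8      # assumption: flag sources at 80% of the limit

ENTRY_RE = re.compile(r"^0x[0-9a-f]+:\s+(.*)$")


def parse_table(dump):
    """Turn each entry line of the dump into a dict; skip the header line."""
    entries = []
    for line in dump.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        fields = dict(kv.split("=", 1) for kv in m.group(1).split() if "=" in kv)
        # The rate column is named after its period in ms, e.g. conn_rate(10000).
        rate = next((int(v) for k, v in fields.items()
                     if k.startswith("conn_rate(")), 0)
        entries.append({
            "ip": fields["key"],
            "gpc0": int(fields.get("gpc0", 0)),
            "conn_rate": rate,
            "exp_ms": int(fields.get("exp", 0)),  # time left before the entry expires
        })
    return entries


def classify(entries):
    """Group sources by how the ACLs in the config would treat them."""
    report = {"blocked": [], "near_limit": [], "ok": []}
    for e in entries:
        if e["gpc0"] > 0:                       # matches source_is_abuser
            report["blocked"].append(e["ip"])
        elif e["conn_rate"] >= CONN_RATE_LIMIT * WARN_RATIO:
            report["near_limit"].append(e["ip"])
        else:
            report["ok"].append(e["ip"])
    return report


if __name__ == "__main__":
    for group, ips in classify(parse_table(SAMPLE)).items():
        print(f"{group}: {', '.join(ips) or '-'}")
```

Sources listed under `near_limit` are worth a look before raising or lowering the `gt 30` threshold, since legitimate clients behind a shared NAT address can land there.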


