OPNsense Forum

Archive => 19.1 Legacy Series => Topic started by: seized on December 27, 2018, 10:47:58 pm

Title: HAProxy - Support for GPC General Purpose Counters
Post by: seized on December 27, 2018, 10:47:58 pm

Im not sure if this goes here or on Github but does anyone know if UI support for gpc stick tables and rules/acls is planned for the HAProxy plugin? Gpc being General Purpose Counter.

Its used most often in the abuse prevention type rules.

Some examples:

https://www.haproxy.com/blog/bot-protection-with-haproxy/
https://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7 (search for gpc0)

Code: [Select]

frontend http
    # Use General Purpose Couter 0 in SC0 as a global abuse counter
    # protecting all our sites
    stick-table type ip size 1m expire 5m store gpc0
    tcp-request connection track-sc0 src
    tcp-request connection reject if { sc0_get_gpc0 gt 0 }
    ...
    use_backend http_dynamic if { path_end .php }

backend http_dynamic
    # if a source makes too fast requests to this dynamic site (tracked
    # by SC1), block it globally in the frontend.
    stick-table type ip size 1m expire 5m store http_req_rate(10s)
    acl click_too_fast sc1_http_req_rate gt 10
    acl mark_as_abuser sc0_inc_gpc0(http) gt 0
    tcp-request content track-sc1 src
    tcp-request content reject if click_too_fast mark_as_abuser

Title: Re: HAProxy - Support for GPC General Purpose Counters
Post by: franco on January 02, 2019, 05:37:53 pm

Should be discussed at https://github.com/opnsense/plugins/issues


Cheers,
Franco

Title: Re: HAProxy - Support for GPC General Purpose Counters
Post by: seized on January 09, 2019, 05:57:46 am

Will do, thank you!

Title: Re: HAProxy - Support for GPC General Purpose Counters
Post by: franco on January 10, 2019, 09:39:36 am

Thanks, was posted at https://github.com/opnsense/plugins/issues/1123

Making sure others will find it best includes links from an to forum.


Cheers,
Franco