In our maps blog post we have a section where we talk about applying different rate limits for different paths (https://www.haproxy.com/blog/introduction-to-haproxy-maps/#r...). For this I'd change the path fetch to a…
For the first example that looks good to catch scanners and the like, though it needs an "http-response track-sc0 src" or nothing will get stored in the stick table. The second example it looks good; since there aren't…
Its not terribly common to attack the SMTP service itself, as usually spam can be sent to cause problems outside of the availability of the SMTP service itself. If SMTP traffic is put through HAProxy conn_cur and…
For volumetric attacks (where the attacker is using DNS reflection or similar to do nothing but eat your bandwidth) pretty much the only solution is to work with providers to block the sources/protocols to stop the…
I'm the author of this, and have done quite a bit with DDoS and HAProxy; feel free to ask me any questions.
Your right, I frequently look as inspect-delay as not being a real line given that it doesn't do much itself. I have an explanation of inspect-delay a bit further down: When tcp-request inspect-delay is present, it will…
Hey, author of this blog post here. If you have any questions feel free to ask (or if you want to insult me that is also acceptable).
The government worries me more than people/companies for two reasons: 1) The government can track me everywhere with cameras anywhere they want in public; companies would be mostly restricted to when I walk past their…
The main benefit I get out of it is that without it I would never cook anything because I wouldn't be able to get the motivation over the long term (I've tried, and it works for a short time, but fades). So basically it…
To do it properly you would likely be looking at mandatory access control, such as SELinux, so that the ransomware wouldn't be authorized to modify the files and further would make itself obvious in the logs. Not very…
In our maps blog post we have a section where we talk about applying different rate limits for different paths (https://www.haproxy.com/blog/introduction-to-haproxy-maps/#r...). For this I'd change the path fetch to a…
For the first example that looks good to catch scanners and the like, though it needs an "http-response track-sc0 src" or nothing will get stored in the stick table. The second example it looks good; since there aren't…
Its not terribly common to attack the SMTP service itself, as usually spam can be sent to cause problems outside of the availability of the SMTP service itself. If SMTP traffic is put through HAProxy conn_cur and…
For volumetric attacks (where the attacker is using DNS reflection or similar to do nothing but eat your bandwidth) pretty much the only solution is to work with providers to block the sources/protocols to stop the…
I'm the author of this, and have done quite a bit with DDoS and HAProxy; feel free to ask me any questions.
Your right, I frequently look as inspect-delay as not being a real line given that it doesn't do much itself. I have an explanation of inspect-delay a bit further down: When tcp-request inspect-delay is present, it will…
Hey, author of this blog post here. If you have any questions feel free to ask (or if you want to insult me that is also acceptable).
The government worries me more than people/companies for two reasons: 1) The government can track me everywhere with cameras anywhere they want in public; companies would be mostly restricted to when I walk past their…
The main benefit I get out of it is that without it I would never cook anything because I wouldn't be able to get the motivation over the long term (I've tried, and it works for a short time, but fades). So basically it…
To do it properly you would likely be looking at mandatory access control, such as SELinux, so that the ransomware wouldn't be authorized to modify the files and further would make itself obvious in the logs. Not very…