paulbsd/paulbsd-salt
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

updated haproxy state
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Paul 2024-07-17 00:04:13 +02:00
parent 00c68173c9
commit fde0651d53
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
states/haproxy/templates/haproxy.cfg.j2
View File

@ -165,6 +165,7 @@ frontend fe_http from {{ haproxy.config.namespace }}
acl path_root path /
acl path_info path /info
acl path_location path /location
acl version_http10 req.ver 1.0
## Basic rules
http-request set-var(txn.srchash) src,crc32,mod(100)
@ -173,6 +174,10 @@ frontend fe_http from {{ haproxy.config.namespace }}
http-request set-var(req.host) req.hdr(Host)
http-request set-var(req.accesshash) str(),concat(,req.src,),concat(-,req.host,)
## Silent drop all external requests with no host header or HTTP/1.0
http-request silent-drop if !domains !internal
http-request silent-drop if version_http10
## Returns
http-request return status 200 content-type text/plain string "User-agent: *\r\nAllow: /" if robots_txt
http-request return status 200 content-type text/plain string "Contact: mailto:{{ haproxy.config.syscontact }}" if security_txt
@ -215,6 +220,7 @@ frontend fe_https from {{ haproxy.config.namespace }}
acl path_root path /
acl path_info path /info
acl path_location path /location
acl version_http10 req.ver 1.0
## Basic rules
#http-request set-var(txn.random) rand,mul(5)
@ -233,6 +239,7 @@ frontend fe_https from {{ haproxy.config.namespace }}
## Silent drop all external requests with no host header
http-request silent-drop if !domains !internal
http-request silent-drop if version_http10
## DDoS
http-request deny deny_status 429 if max_req_rate !internal