• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAPROXY anti DDOS - add stick tables to frontend & track HTTP request rate

Scheduled Pinned Locked Moved Cache/Proxy
3 Posts 3 Posters 1.2k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • N
    nzkiwi68
    last edited by Sep 6, 2020, 12:13 AM

    HAPROXY has a lot of very powerful anti DOS and DDOS features which currently aren't implemented by pfSense.

    To do it properly, we need to be able to set stick tables on the frontend, tracking HTTP request rate and write ACL's to use it.

    These references show the config required;
    Application-Layer DDoS Attack Protection with HAProxy
    HAProxy Rate Limiting: Four Examples

    frontend website
    bind :80
    stick-table  type ip  size 100k  expire 30s  store http_req_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 20 }
    default_backend servers
    1 Reply Last reply Reply Quote 0
    • V
      viktor_g Netgate
      last edited by Sep 6, 2020, 6:40 AM

      You can create a feature request: https://docs.netgate.com/pfsense/en/latest/development/requesting-new-pfsense-features.html

      1 Reply Last reply Reply Quote 0
      • X
        xwx
        last edited by Nov 13, 2020, 5:38 PM

        Did you do it manually does it work? And if yes you modified config file or done it from UI ?
        Thanks.

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
          [[user:consent.lead]]
          [[user:consent.not_received]]