Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAPROXY anti DDOS - add stick tables to frontend & track HTTP request rate

    Cache/Proxy
    3
    3
    1.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • nzkiwi68N
      nzkiwi68
      last edited by

      HAPROXY has a lot of very powerful anti DOS and DDOS features which currently aren't implemented by pfSense.

      To do it properly, we need to be able to set stick tables on the frontend, tracking HTTP request rate and write ACL's to use it.

      These references show the config required;
      Application-Layer DDoS Attack Protection with HAProxy
      HAProxy Rate Limiting: Four Examples

      frontend website
    bind :80
    stick-table  type ip  size 100k  expire 30s  store http_req_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 20 }
    default_backend servers
      1 Reply Last reply Reply Quote 0
      • viktor_gV
        viktor_g Netgate
        last edited by

        You can create a feature request: https://docs.netgate.com/pfsense/en/latest/development/requesting-new-pfsense-features.html

        1 Reply Last reply Reply Quote 0
        • X
          xwx
          last edited by

          Did you do it manually does it work? And if yes you modified config file or done it from UI ?
          Thanks.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.