Block Vulnerability Scanners based on http_err_rate


#1

Hey

I have a problem blocking vulnerability scanners based on http_err_rate.
With this config I can block login brute-force attacks and redirect them to a sandbox, but the vulnerability scanner block section is not working at all.

Can you guys take a look at the config and tell me where this issue comes from?

https://pastebin.com/raw/g8rDUnTP

api login bruteforce sandbox

acl api_login path_beg -i /login/
acl too_many_loging_attemp sc0_gpc0_rate() gt 3
acl mark_seen sc0_inc_gpc0 gt 0
stick-table type string size 100k store http_err_rate(10s),gpc0_rate(60s) peers main_peer
tcp-request content track-sc0 base32+src if METH_POST api_login
tcp-request connection track-sc1 src
use_backend api-login-sandbox if mark_seen too_many_loging_attemp

vuln scanners sandbox

acl abuse src_http_err_rate gt 3
use_backend scanners-sandbox if abuse
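
A self-contained layout for the two checks described in the post, with each counter in its own table keyed by the type it tracks. This is an added example, not the poster's configuration and not taken from the linked paste; all proxy names, table names, ports and server addresses are assumptions, and the `peers` replication is left out.

```haproxy
# Added example; every proxy name, table name and server address is hypothetical.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Table-only backends: a proxy holds a single stick-table, so each key type
# gets its own proxy.
backend st_login
    # base32+src is 8 bytes for IPv4 and 20 bytes for IPv6, hence binary len 20
    stick-table type binary len 20 size 100k expire 10m store gpc0,gpc0_rate(60s)

backend st_src_err
    # Keyed by client address (use "type ipv6" if clients connect over IPv6).
    # http_err_rate counts request errors and 4xx responses.
    stick-table type ip size 100k expire 10m store http_err_rate(10s)

frontend fe_web
    bind :8080
    acl api_login path_beg -i /login/

    # sc0: login attempts per URL+source; sc1: HTTP errors per source
    http-request track-sc0 base32+src table st_login if METH_POST api_login
    http-request track-sc1 src table st_src_err

    acl too_many_login_attempts sc0_gpc0_rate gt 3
    acl mark_seen sc0_inc_gpc0 gt 0
    # Read from the entry tracked on sc1. Errors are counted on the response,
    # so the rule takes effect on the request after the threshold is crossed.
    acl abuse sc1_http_err_rate gt 3

    use_backend api-login-sandbox if mark_seen too_many_login_attempts
    use_backend scanners-sandbox if abuse
    default_backend be_app

backend be_app
    server app1 192.0.2.10:8080

backend api-login-sandbox
    server sandbox1 192.0.2.20:8080

backend scanners-sandbox
    server sandbox2 192.0.2.21:8080
```

The file can be syntax-checked with `haproxy -c -f <file>` before loading it.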