I need to capture the country name in haproxy logfile from those who are all accessing my site… Is there anyway to do this…
Is there any option in http-request capture or log-format
I did this based on HAProxy Country filtering ACL | blog.erben.sk
file deny_hosts.map:
example.com antiddos
In frontend:
only create ACL to Brazil and Portugal
acl acl_geoloc_allow src,map_ip(/etc/haproxy/geoip/geoip.txt) -m reg -i (BR|PT)
acl acl_internal src 10.0.0.0/8 192.168.0.0/16
Only add IP to table
http-request track-sc1 src table antiddos if !acl_geoloc_allow !acl_internal
Send to check list or to default backend (default-backend)
use_backend %[req.hdr(host),lower,map_str(/etc/haproxy/deny_hosts.map,default-backend)]
Backend antiddos:
stick-table type ip size 1m expire 10m store http_req_rate(10s)
acl acl_geoloc_allow src,map_ip(/etc/haproxy/geoip/geoip.txt) -m reg -i (BR|PT)
acl acl_internal src 10.0.0.0/8 192.168.0.0/16
Throttling IP for requests from Brazil and Portugal
http-request deny deny_status 429 if { sc_http_req_rate(1,antiddos) gt 50 }
block all the other countries
http-request deny deny_status 403 if !acl_geoloc_allow !acl_internal
pass the requests from brazil and portugal
server antiddos_pass check minconn 1000 maxconn 8000 send-proxy
cron to get once a day the IP countries:
/usr/bin/curl -s http://iwik.org/ipcountry/geoip.txt > /etc/haproxy/geoip/geoip_novo.txt
Thanks a lot … It’s also very useful for me.
But I want to know is there anyway to capture the country code or country name in the haproxy log file.
Example:
If someone accessing my website, I want to display that user country code or country name in haproxy.log file.
I don’t know if this is the best or most optimal way, but I’m using this configuration to log the country codes (to a custom log format).
The country code is stored using set-var()
, and then logged.
frontend:
log-format '..., country: %[var(sess.GeoCountryCode)], ...'
http-request set-var(sess.GeoCountryCode) src,map_ip(/etc/haproxy/geoip/geoip.txt,"unknown")
Thanks for the reply… I will try it.