We have been using HAProxy to block unwanted IP addresses for the past few months. I’m concerned that if this file keeps on growing, it might impact the overall performance of HAProxy, not to mention that it needs to be synchronized across several instances. Right now, it’s nearing the 2,000-line mark.
- What are the current strategies in managing a growing IP ACL file?
- What is the maximum number of lines an ACL can have?
- What’s an alternative approach for blocking malicious IPs other than on HAProxy?
I’m thinking of this approach to automate this process:
- Use a DB backend to store the list of malicious IPs
- Create a script that will pull the list from the DB and generate an ACL file and run via cron job
- Reload HAProxy on file change or on a regular schedule
Thank you in advance!
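One way to implement the DB-to-ACL-file step described in the post, as an added example that is not part of the original post: it validates every row before writing (a bad entry is reported, never written), collapses overlapping ranges, replaces the file atomically, and runs the config check before reloading, so a stale or malformed list cannot take HAProxy down. The table `blocked_ips(cidr, active)`, the in-memory sample rows, and the `/etc/haproxy/haproxy.cfg` path are assumptions.

```python
import hashlib, ipaddress, os, sqlite3, subprocess, tempfile

HAPROXY_CFG = "/etc/haproxy/haproxy.cfg"  # assumed path

def sample_db():
    """Constructed stand-in for the real blocklist database (one row per IP or CIDR)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE blocked_ips (cidr TEXT, active INTEGER)")
    conn.executemany("INSERT INTO blocked_ips VALUES (?, ?)", [
        ("203.0.113.5", 1), ("203.0.113.0/24", 1), ("198.51.100.7", 1),
        ("2001:db8::/32", 1), ("not-an-ip", 1), ("192.0.2.9", 0)])
    return conn

def load_blocklist(conn):
    """Validate every row and collapse overlapping ranges; bad rows are reported, not written."""
    nets, bad = [], []
    for (value,) in conn.execute("SELECT cidr FROM blocked_ips WHERE active = 1"):
        try:
            nets.append(ipaddress.ip_network(value.strip(), strict=False))
        except ValueError:
            bad.append(value)
    v4 = ipaddress.collapse_addresses(n for n in nets if n.version == 4)
    v6 = ipaddress.collapse_addresses(n for n in nets if n.version == 6)
    return sorted(v4) + sorted(v6), bad

def render_acl(nets):
    """One entry per line; a single host is written bare, a range in CIDR notation."""
    body = [str(n.network_address) if n.prefixlen == n.max_prefixlen else str(n) for n in nets]
    return "# generated from the blocklist database, do not edit by hand\n" + "\n".join(body) + "\n"

def write_if_changed(path, text):
    """Atomic replace so HAProxy never reads a half-written file; True only if content changed."""
    digest = hashlib.sha256(text.encode()).hexdigest()
    if os.path.exists(path):
        with open(path, "rb") as f:
            if hashlib.sha256(f.read()).hexdigest() == digest:
                return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as f:
        f.write(text)
    os.replace(tmp, path)
    return True

def reload_haproxy(cfg=HAPROXY_CFG, run=subprocess.run):
    """Check the config (which parses the ACL file) before reloading; never reload a broken one."""
    if run(["haproxy", "-c", "-f", cfg]).returncode != 0:
        return False
    return run(["systemctl", "reload", "haproxy"]).returncode == 0
```

A cron job can call `load_blocklist`, `render_acl` and `write_if_changed` in turn and invoke `reload_haproxy` only when the last one returns True, which covers the "reload on file change" step without reloading on every run.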