I want to block repeating POST requests using form-data and/or x-www-form-urlencoded if more than 5 times within 30 minutes. The following configuration is working, but if there is a change in the value in form-data the requests are still being blocked even though it's totally a new request. Really appreciate any help on this. Thanks in advance.
I'm using HAProxy version 2.4.9, my current settings are as follows:
First, you don’t seem to run in mode http, is there any good reason for that?
Second, I don’t see any direct relation between the listen section and the backend section. You may be missing a default_backend or a use_backend directive somewhere.
I think your issue is that you miss the request body in your hash.
frontend webfarm
    mode http
    bind :443 ssl crt /etc/haproxy/certs/ssl-cert.pm
    # buffer the whole request so req.body is available to the rules below
    option http-buffer-request
    acl services path_beg /services
    # set-var takes a sample expression, not a %[...] log-format string, so the
    # key (src;host+path+body) is assembled with concat() from txn variables
    http-request set-var(txn.host) req.fhdr(host) if services
    http-request set-var(txn.path) path if services
    http-request set-var(txn.body) req.body if services
    http-request set-var(txn.xdosprotect) 'src,concat(;,txn.host),concat(,txn.path),concat(,txn.body)' if services
    stick-table type integer size 1m expire 30m store http_req_rate(30m)
    # track at http-request level: txn.* variables set by http-request rules are
    # not populated yet when tcp-request content rules are evaluated
    http-request track-sc0 var(txn.xdosprotect),crc32(1) if services
    http-request deny deny_status 429 if { sc0_http_req_rate gt 5 }
    default_backend app_server

backend app_server
    mode http
    server webserver01 localhost:8080 check inter 30s
    errorfile 503 /etc/haproxy/errors/maintenance.htm
Note that I would also add a peers section with at least the local machine only in order to synchronize data across reloads.
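To see why the request body has to be part of the tracked key, here is an added Python model of the stick-table logic in the answer above (illustration only, not HAProxy code and not from the thread); the names `RateTable` and `stick_key`, the sample IP, host and paths are made up for the example.

```python
"""Model of the answer's rate limit: key = crc32(src;host+path+body),
counted in a 30-minute window, denied with 429 once the count exceeds 5."""
import zlib
from collections import defaultdict, deque

WINDOW_S = 30 * 60   # http_req_rate(30m)
LIMIT = 5            # sc0_http_req_rate gt 5


def stick_key(src, host, path, body):
    # same material as txn.xdosprotect, hashed the way crc32(1) does
    material = f"{src};{host}{path}{body}".encode()
    return zlib.crc32(material)


class RateTable:
    """One entry per key holding the timestamps of hits inside the window.
    HAProxy's http_req_rate is a sliding-window approximation; this model
    uses an exact window, which is close enough to show the keying effect."""

    def __init__(self):
        self.entries = defaultdict(deque)

    def track(self, key, now):
        hits = self.entries[key]
        while hits and now - hits[0] > WINDOW_S:   # expire stale hits
            hits.popleft()
        hits.append(now)        # track-sc0 counts the current request too
        return len(hits)        # this key's http_req_rate

    def handle(self, src, host, path, body, now):
        """Return the status the frontend would produce for this request."""
        rate = self.track(stick_key(src, host, path, body), now)
        return 429 if rate > LIMIT else 200


if __name__ == "__main__":
    table = RateTable()
    # constructed sample traffic: same client, same form body, 10 s apart
    for i in range(7):
        print(table.handle("203.0.113.7", "example.test", "/services/x",
                           "a=1", now=i * 10))
    # a different body gets a fresh key and is not blocked
    print(table.handle("203.0.113.7", "example.test", "/services/x",
                       "a=2", now=70))
```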