@ops wrote:
Hey
I have problem on blocking vulnerability scanners base on http_err_rate,
with this config I can block login bruteforce attacks and redirect them to a sandbox but vulnerability scanner block section not working at all .can you guys take a look on the config and tell me where is this issues come from ?
https://pastebin.com/raw/g8rDUnTP
api login bruteforce sandbox
acl api_login path_beg -i /login/
acl too_many_loging_attemp sc0_gpc0_rate() gt 3
acl mark_seen sc0_inc_gpc0 gt 0
stick-table type string size 100k store http_err_rate(10s),gpc0_rate(60s) peers main_peer
tcp-request content track-sc0 base32+src if METH_POST api_login
tcp-request connection track-sc1 src
use_backend api-login-sandbox if mark_seen too_many_loging_attempvuln scanners sandbox
acl abuse src_http_err_rate gt 3
use_backend scanners-sandbox if abuse
Posts: 1
Participants: 1