Add whitelist to acl on tcp request rejection

olexiyb · Jun 12, 2018 · 2795b72 · 2795b72
1 parent cce66e9
commit 2795b72
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/roles/loadbalancer/templates/haproxy.cfg.j2 b/roles/loadbalancer/templates/haproxy.cfg.j2
@@ -68,7 +68,7 @@ frontend iri_front
 
     # drop connections from user with more then 1000 requests in 5m
     acl source_is_hacker src_http_req_cnt(iri_front) gt 1000
-    tcp-request content reject if source_is_hacker
+    tcp-request content reject if source_is_hacker !whitelist
 
     # limit OPTIONS method because this is only used on browsers
     acl options_method method OPTIONS