HAProxy SPOE Data

SPOE Data

To be able to use Darwin with HAProxy, you first need to use an HAProxy connector that will connect to Darwin via a Unix socket.

To do so, you can use the SPOA Data, which is a generic Stream Processing Offload Agent (documentation here) that takes any number of arguments, parses them, then sends them to Darwin in order to get a certitude score.

With this score obtained (named ip_score here), you can create ACLs to decide whether to block the request or not.

Here is an example of a configuration file:

[user_agent]

spoe-agent user_agent-agent
    messages check-user_agent

    option var-prefix user_agent

    timeout hello      100ms
    timeout idle       30s
    timeout processing 15ms

    use-backend user_agent-backend


spoe-message check-user_agent
    args var(proc.user_agent)
    event on-frontend-http-request

Home
Darwin Configuration
Connect to Darwin with Python
Management Socket
Alert Format
Statistics
Rsyslog Configuration
Workflow
Automated Testing
Unit Testing
Available Docker images
Filters
- Template
- Anomaly
- Buffer
- Connection
- Content Inspection
- DGA
- HostLookup
- Sofa
- TAnomaly
- Test
- Yara
- (Coming) Session
- (Obsolete) End
- (Obsolete) Logs
- (Obsolete) Reputation
Tools
- Reconciler
HAproxy
- General Configuration
- SPOE Data
Contributions

HAProxy SPOE Data

SPOE Data

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally