Hi,
I'm converting an older listen configuration to a frontend/backend set
up for SSL...would the following directives be better suited in the
frontend or the backend section?
# Persistently map clients to backends by client IP
stick-table type ip size XX expire YY peers ZZ
stick on src
# Reject blacklisted IPs
tcp-request connection reject if { src -f ABC }
# Slow down abusive clients
acl too_fast fe_sess_rate ge X
tcp-request inspect-delay X
tcp-request connection reject if { src_conn_cur ge X }
tcp-request connection track-sc1 src
tcp-request content accept if ! too_fast
tcp-request content accept if WAIT_END
Thank you in advance.
-J
