HAProxy DDoS Protection config
frontend public
    bind *:80

    # table used to store behaviour of source IPs
    stick-table type ip size 200k expire 5m store gpc0,conn_rate(10s)

    # IPs that have gpc0 > 0 are blocked until they go away for at least 5 minutes
    acl source_is_abuser src_get_gpc0 gt 0
    tcp-request connection reject if source_is_abuser

    # connection rate abuses get blocked
    acl conn_rate_abuse sc1_conn_rate gt 30
    # evaluating this ACL increments gpc0, which flags the source as an abuser
    acl mark_as_abuser sc1_inc_gpc0 gt 0
    tcp-request connection track-sc1 src
    tcp-request connection reject if conn_rate_abuse mark_as_abuser
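To check which sources the table above has flagged, the output of the runtime API command "show table public" can be parsed. This is an added example, not part of the original config: it assumes a stats socket is enabled (the config above does not define one), and the sample output, addresses, and the 80% "near limit" margin are constructed for illustration.

```python
import re

# Constructed sample of "show table public" output (documentation-range
# addresses, made-up values). Live input would come from the stats socket,
# e.g.: echo "show table public" | socat stdio <stats-socket-path>
SAMPLE = """\
# table: public, type: ip, size:204800, used:3
0x7f1c2c0008d0: key=192.0.2.10 use=0 exp=287431 gpc0=1 conn_rate(10000)=41
0x7f1c2c000a10: key=198.51.100.7 use=1 exp=299812 gpc0=0 conn_rate(10000)=3
0x7f1c2c000b50: key=203.0.113.25 use=0 exp=120004 gpc0=0 conn_rate(10000)=28
"""

CONN_RATE_LIMIT = 30  # threshold used by the conn_rate_abuse ACL

# Matches name=value pairs, including names such as conn_rate(10000)
FIELD = re.compile(r"(\w+(?:\(\d+\))?)=(\S+)")


def parse_table(text):
    """Return one dict per stick-table entry."""
    entries = []
    for line in text.splitlines():
        if not line.startswith("0x"):
            continue  # skip the "# table:" header and blank lines
        fields = dict(FIELD.findall(line))
        # The period suffix depends on the store definition, so match by prefix
        rate = next((int(v) for k, v in fields.items()
                     if k.startswith("conn_rate(")), 0)
        entries.append({
            "src": fields["key"],
            "gpc0": int(fields.get("gpc0", 0)),
            "conn_rate": rate,
            "exp_ms": int(fields.get("exp", 0)),
        })
    return entries


def classify(entries, near=0.8):
    """Split sources into blocked (gpc0 > 0) and close to the rate limit."""
    blocked = [e["src"] for e in entries if e["gpc0"] > 0]
    close = [e["src"] for e in entries
             if e["gpc0"] == 0 and e["conn_rate"] >= near * CONN_RATE_LIMIT]
    return blocked, close


if __name__ == "__main__":
    blocked, close = classify(parse_table(SAMPLE))
    print("blocked:", blocked)
    print("near limit:", close)
```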