HAProxy Enterprise Documentation 2.2r1

Response Policies

Response policies let you perform an action on a suspicious connection or request. For example, you might deny an HTTP request if it doesn't include a specific URL parameter such as an API token value. Or, you might tarpit clients that you suspect to be automated bots.

You first define ACLs, which are rules for when to flag a client. An ACL evaluates a characteristic of a connection or request, such as whether the request includes a particular URL parameter. It always returns either true or false. You then use a response policy to take action against flagged clients.

Deny: Deny a client's HTTP request or a server's response.
reCAPTCHA: Present a Google reCAPTCHA to a user.
Reject: Reject an HTTP request or TCP connection.
Shadowban: Shadowban a client by sending them to a dummy resource.
Silent Drop: Silently drop a client's HTTP request without notifying the client that the connection has been closed.
Tarpit: Stall a client's request for a period of time before returning an error response.

Next up

Deny

More Versions

HAProxy Products Documentation

Response Policies

Your feedback is important to us!