sshpot-com icon indicating copy to clipboard operation
sshpot-com copied to clipboard

Published 20 hours ago verified publisher icon joshrendek

Plain text export

Open analytically opened this issue 11 years ago • 6 comments

Being able to curl a simple IP, plain text list to feed to haproxy would be great.

137.175.0.1
142.0.128.33
142.4.96.44

analytically avatar Jul 11 '14 13:07 analytically

@analytically What is the purpose of exporting this to Haproxy?

joshrendek avatar Jul 11 '14 16:07 joshrendek

Automatically blocking IPs that tried SSH access.

analytically avatar Jul 11 '14 16:07 analytically

Eg. https://github.com/jvehent/haproxy-aws/blob/master/haproxy.cfg#L70

analytically avatar Jul 11 '14 16:07 analytically

It'd also be good if the IP addresses in there are unique.

analytically avatar Jul 11 '14 16:07 analytically

@analytically sure i can get this whipped up - would you mind providing a smaller haproxy cfg for people to use so I can add it to the docs as an example usage?

joshrendek avatar Jul 11 '14 16:07 joshrendek

Sure:

First, curl the file: curl -s -f -o /etc/haproxy/sshpot-blacklist.txt http://sshpot.com/api/ssh_logins.txt

Then:

global
    log 127.0.0.1   local0
    log 127.0.0.1   local1 notice
    maxconn 4096
    user haproxy
    group haproxy
    daemon

defaults
    log global
    mode    http
    option forwardfor
    option http-server-close
    stats enable

frontend http-in
    bind *:80
    tcp-request content reject if { src -f /etc/haproxy/sshpot-blacklist.txt }
    reqadd X-Forwarded-Proto:\ http
    default_backend application-backend

backend application-backend
    # put your application server ip address here
    server node1 10.0.0.1 check inter 1000

analytically avatar Jul 11 '14 18:07 analytically