HaProxy custom blacklists

This Ansible suite comes with some default blacklists by default. However, in some circumstances it may be required to quickly add a couple of entries to those blackliste and you quickly want to rol them out.

For this you can create/edit the file /etc/ansible/facts.d/blacklist.fact with this json content:

1
2
3
4
5
6
7
8
{
  "agent": [],
  "ip": [
    "212.34.56.78",
    "198.11.149.0/24"
  ],
  "referer": []
}

So for each of the 3 supported blacklists you can provide an array with strings that will be looked up for each request.

With the following command you can roll out those changes:

1
ascr haproxy-blacklists