Author Topic: HA PROXY + Inline Snort -> Blocks HAPROXY IP  (Read 69 times)

crester
HA PROXY + Inline Snort -> Blocks HAPROXY IP
« on: July 17, 2017, 04:28:58 am »
Hello.
This is my scenario:

PFSENSE-HAPROXY -> PFSENSE-SNORT -> WEBSERVER

Snort is blocking offenders.

If I attack the public IP from the webserver, Snort sees the attack and adds the HAPROXY internal IP to the block lists.
I added enable_xff in the Snort configuration; X-Forwarded-For is captured in the pcap, but not in the logs, and it is still blocking the HAPROXY internal IP.

Can someone help me?

Thank you.
Regards.

crester
Re: HA PROXY + Inline Snort -> Blocks HAPROXY IP
« Reply #1 on: July 18, 2017, 02:06:06 pm »
Well,
I have been able to block real offenders instead of the internal IP of the HAPROXY by configuring it in transparent mode.
I don't like it too much, but it is a solution for now; I hope it will be a workaround.

kr
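
The block-target decision behind the problem in the first post, as an added example that is not part of the thread and not Snort's or pfSense's code: an alert whose packet source is the proxy should resolve to the client named in X-Forwarded-For, and the proxy itself should never be blocked. The proxy address 10.0.0.5, the function names and the sample requests are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: internal address of the HAProxy box (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.5/32")]

def is_trusted(ip):
    return any(ip in net for net in TRUSTED_PROXIES)

def parse_xff(raw_request: bytes):
    """Return every X-Forwarded-For entry in header order (repeated headers included)."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    entries = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-forwarded-for":
            entries += [v.strip() for v in value.split(",") if v.strip()]
    return entries

def block_target(packet_src: str, raw_request: bytes):
    """Address to block for an alert, or None when nothing should be blocked."""
    src = ipaddress.ip_address(packet_src)
    if not is_trusted(src):
        return str(src)   # direct connection: XFF is client-supplied, ignore it
    # The rightmost entry is the one our own proxy added; entries further
    # left were sent by the client and can be forged, so walk right to left.
    for entry in reversed(parse_xff(raw_request)):
        try:
            ip = ipaddress.ip_address(entry)
        except ValueError:
            return None   # malformed chain: refuse to guess
        if not is_trusted(ip):
            return str(ip)
    return None           # no usable client address: never block the proxy

# Constructed sample: the client forged 198.51.100.9, the proxy appended 203.0.113.7.
VIA_PROXY = (b"GET /index.php?id=1 HTTP/1.1\r\nHost: www.example.test\r\n"
             b"X-Forwarded-For: 198.51.100.9\r\n"
             b"X-Forwarded-For: 203.0.113.7\r\n\r\n")
NO_HEADER = b"GET / HTTP/1.1\r\nHost: www.example.test\r\n\r\n"

if __name__ == "__main__":
    print(block_target("10.0.0.5", VIA_PROXY))      # real client
    print(block_target("203.0.113.50", VIA_PROXY))  # direct hit, header ignored
    print(block_target("10.0.0.5", NO_HEADER))      # proxy only: no block
```
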