From d60b8468c8e35a2f5b657a9f60d3753794b87e7b Mon Sep 17 00:00:00 2001
From: mivirl <>
Date: Fri, 14 Mar 2025 18:03:22 +0000
Subject: [PATCH] Add example allowed host

Added an example to the haproxy configuration to allow requests to a specific host even if the request would otherwise be blocked.
---
 haproxy_conf/haproxy.cfg | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/haproxy_conf/haproxy.cfg b/haproxy_conf/haproxy.cfg
index 5d8707e..907a53e 100644
--- a/haproxy_conf/haproxy.cfg
+++ b/haproxy_conf/haproxy.cfg
@@ -93,6 +93,9 @@ frontend incoming_http
 acl trigger sc2_gpc0_rate(st_waf_trigger) gt 40
 acl trigger_debounce sc1_gpc0_rate(st_waf_debounce) gt 0
+ # Allow some hosts anyways
+ acl allow_host hdr(host) -i some.host.invalid:9999
+
 # Boolean for if the request should be blocked
 acl waf_triggered acl(ip_block) -m bool true
 acl waf_triggered acl(ja4_block) -m bool true
@@ -118,11 +121,11 @@ frontend incoming_http
 http-request sc-inc-gpc0(2) if waf_triggered
 # Send a 429 response if the client is making way too many requests
- http-request deny deny_status 429 if rate_limit_high !ip_allow !ja4_allow
+ http-request deny deny_status 429 if rate_limit_high !ip_allow !ja4_allow !allow_host
 # Otherwise choose backend based on whether the request was blocked. Sends
 # a 200 status code regardless of whether it was blocked.
- use_backend backend_normal if ip_allow || ja4_allow
+ use_backend backend_normal if ip_allow || ja4_allow || allow_host
 use_backend backend_ban if waf_triggered
 default_backend backend_normal
--
2.39.5
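Review bot: `acl allow_host hdr(host) -i some.host.invalid:9999` in the first hunk keys the exemption on the Host header, which the client supplies. The second hunk then uses it to skip both the 429 deny (`!allow_host`) and the `backend_ban` routing (`|| allow_host`), so any request carrying that Host value is exempt from rate limiting and from the WAF block, whatever `ip_block` or `ja4_block` say about the sender. The example should state this next to the ACL, e.g. `# Host is client-supplied: this bypasses the 429 and backend_ban for anyone who sends it; combine with a src-based ACL`, or the two conditions should require a source check alongside `allow_host`. The match is also an exact string including `:9999`, so the same host sent without the port, or with a different one, would not be allowed; worth noting in the comment if that is intended.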