Set custom header (which can be processed by reverse proxy) #2357

int2001 · 2025-09-27T10:43:28Z

Set custom Header (X-Login-Status: failed) on failed login.
This one can be processed by your Reverseproxy to block/ban/tarpit a possible attacker.

Possible haproxy-Config in backend could be (This example blocks the requester IP for 5mins if there were more than 10 failed requests either on API or loginpage)

backend wavelog
        mode http
	stick-table type ipv6 size 100k expire 5m store gpc0
	http-request track-sc0 src
	acl ip_blocked sc0_get_gpc0 gt 10
	http-request deny deny_status 429 if ip_blocked
	acl login_failed status 401
	acl header_failed res.hdr(X-Login-Status) -i "failed"
	http-response sc-inc-gpc0(0) if login_failed or header_failed
        server local 127.0.0.1:81 check maxconn 250

phl0

Worx

Set custom header (which can be processed by reverse proxy)

e18abd3

int2001 requested a review from HB9HIL September 27, 2025 10:43

int2001 added the security Security related label Sep 27, 2025

phl0 approved these changes Sep 27, 2025

View reviewed changes

int2001 merged commit b98ab2d into wavelog:dev Sep 27, 2025

int2001 deleted the set_header branch November 11, 2025 11:25

HB9HIL mentioned this pull request Nov 13, 2025

use correct syntax for set_header() #2527

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Set custom header (which can be processed by reverse proxy) #2357

Set custom header (which can be processed by reverse proxy) #2357

Uh oh!

int2001 commented Sep 27, 2025 •

edited

Loading

Uh oh!

phl0 left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

Set custom header (which can be processed by reverse proxy) #2357

Set custom header (which can be processed by reverse proxy) #2357

Uh oh!

Conversation

int2001 commented Sep 27, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

phl0 left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

int2001 commented Sep 27, 2025 •

edited

Loading