How to match haproxy http code with crowdsec rules

Hi guys. I’m new with crowsec sorry for noob question. I have ratelimit in haproxy and IPs that are matched with it, will get erro 429. Now I want to block those IPs. I mean if someone get 429 and if he insist to send requests it get block by crowdsec. thank you in advance for your reply.

You could create a scenario like this

type: leaky
name: ehsanhajian/haproxy-rate-limit
description: "Detect rate limit abuse"
filter: evt.Meta.http_status == '429'
groupby: "evt.Meta.source_ip"
capacity: 5
leakspeed: 30s
blackhole: 5m
labels:
  service: http
  remediation: true
1 Like