HAProxy DDoS Protection Config Generator
Generate HAProxy frontend and backend configuration with built-in DDoS protection. Rate limiting, stick tables, slowloris defense, connection caps, and more.
Check the generated configuration with haproxy -c -f /etc/haproxy/haproxy.cfg. Overly aggressive rate limits can block legitimate users, so start with higher limits and tune down based on traffic patterns. Monitor stick table entries with: echo "show table ft_ddos" | socat stdio /var/run/haproxy.sock
How These Protections Work
Stick Tables
In-memory key-value stores that track per-IP metrics (request rates, connection counts, bytes transferred). HAProxy uses these to make real-time decisions without external lookups. Entries expire automatically after the configured period.
Rate Limiting
Uses stick table counters to track HTTP request rates per source IP. When an IP exceeds the threshold, HAProxy can deny (403), tarpit (slow response), or redirect the request. The rate is measured with a sliding-window counter (http_req_rate).
Slowloris Defense
Slowloris attacks hold connections open by sending partial HTTP headers very slowly. HAProxy's timeout http-request closes connections that don't complete the request within the deadline. This is much more effective than web-server-level timeouts.
Tarpit Mode
Instead of immediately rejecting abusive clients (which lets them reconnect fast), tarpit holds the connection open and responds very slowly. This wastes the attacker's resources and connection slots while using minimal server resources.
Connection Limits
Caps the number of simultaneous connections from a single IP using conn_cur stick table tracking. Prevents a single source from exhausting the connection pool. Essential for defending against layer 4 connection floods.
ACL Blocking
Access Control Lists define conditions for blocking traffic. You can block by User-Agent (scanner tools), request path (known exploit URLs), or combine multiple conditions. ACLs are evaluated in order and are very fast.
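The protections described above combined in one frontend, as an added example (not output of the generator). The thresholds, timeouts, User-Agent strings, blocked path, and the backend name and address are assumptions to tune for your own traffic; only the ft_ddos name and the socket path come from this page.

```haproxy
# Added example. All numeric limits and sample match values are assumptions.
global
    # Runtime socket used by: echo "show table ft_ddos" | socat stdio /var/run/haproxy.sock
    stats socket /var/run/haproxy.sock mode 600 level admin

defaults
    mode http
    timeout connect      5s
    timeout client       30s
    timeout server       30s
    timeout http-request 5s    # slowloris defense: full request headers must arrive within 5s
    timeout tarpit       10s   # how long a tarpitted request is held before the error is sent

frontend ft_ddos
    bind :80

    # Stick table keyed by source IP; idle entries expire after 10 minutes.
    stick-table type ip size 100k expire 10m store conn_cur,conn_rate(10s),http_req_rate(10s)

    # Track at connection level so conn_cur is enforced before any HTTP parsing.
    tcp-request connection track-sc0 src
    tcp-request connection reject if { sc0_conn_cur gt 50 }

    # ACLs: rate threshold, scanner User-Agents, blocked path (placeholder values).
    acl rate_abuse   sc0_http_req_rate gt 200
    acl bad_ua       hdr_sub(User-Agent) -i sqlmap nikto
    acl blocked_path path_beg -i /example-blocked-path

    # http-request rules run top to bottom; the first terminating action wins.
    http-request deny deny_status 403 if bad_ua or blocked_path
    http-request tarpit if rate_abuse

    default_backend bk_app

backend bk_app
    # 192.0.2.10 is a documentation address standing in for the real server.
    server app1 192.0.2.10:8080 check maxconn 200
```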