From 4ab26dfed0843c3f904f21fbad067ebc3bfc3ca7 Mon Sep 17 00:00:00 2001
From: billisdead <billisdead@tutanota.com>
Date: Mon, 12 Jan 2026 17:31:09 +0100
Subject: [PATCH] secu 429 out lan 1et2

---
 haproxy.cfg | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/haproxy.cfg b/haproxy.cfg
index ddc5814..4dbb71c 100644
--- a/haproxy.cfg
+++ b/haproxy.cfg
@@ -105,10 +105,14 @@ frontend https
 
     	# Whitelist IP perso (optionnel)
     	acl my_ip src 82.67.3.126
+    	acl my_lan1 src 192.168.1.0/24
+    	acl my_lan2 src 192.168.2.0/24
 
     	# Autoriser ton domaine (ou ton IP) à passer sans rate-limit
     	http-request allow if n8n_domain
     	http-request allow if my_ip
+    	http-request allow if my_lan1
+    	http-request allow if my_lan2
 
     	# Appliquer la rate-limit globale pour le reste
     	http-request deny deny_status 429 if { sc0_http_req_rate gt 100 }
@@ -321,10 +325,12 @@ backend per_ip_rates
 
     	# Whitelist IP: 82.67.3.126 (bypass rate limiting)
     	acl is_whitelisted_ip src 82.67.3.126
+    	acl is_whitelisted_lan1 src 192.168.1.0/24
+    	acl is_whitelisted_lan2 src 192.168.2.0/24
 
     	# Whitelist domain: *.gyozamancave.fr (bypass rate limiting)
     	acl is_whitelisted_domain hdr_end(host) -i gyozamancave.fr
 
     # Apply rate limiting (10 req/10s) unless whitelisted
     	#http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_domain { sc0_http_req_rate(per_ip_rates) gt 10 }
-    	http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_domain { sc0_http_req_rate gt 10 }    	
+    	http-request deny deny_status 429 if !is_whitelisted_ip !is_whitelisted_lan1 !is_whitelisted_lan2 !is_whitelisted_domain { sc0_http_req_rate gt 10 }