ajout de http cats (avec adaptation selinux en parallèle)

haproxy.cfg

@@ -85,13 +85,15 @@ userlist admin-ghost
 frontend https
  	bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn http/1.1
  	#bind *:443,[::]:443 ssl crt /etc/haproxy/ssl/ strict-sni alpn h2,http/1.1
-  	http-request set-header X-Forwarded-Proto https if { ssl_fc }
+  	# headers
+	http-request set-header Host %[req.hdr(Host)]
+    	http-request set-header X-Real-IP %[src]
+	http-request set-header X-Forwarded-Proto https if { ssl_fc }
   	http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
   	http-request set-header X-Forwarded-For %[src]	
-  	http-request set-header X-Forwarded-For %[src]	
 	http-request track-sc0 src table per_ip_rates
         http-request silent-drop if { sc_http_req_rate(0) gt 100 }
-	
+
 	# config httpcats
 	errorfiles kitties
 	http-response return status 400 default-errorfiles if { status 400 }
@@ -122,8 +124,11 @@ frontend https
     	http-request allow if my_ip
     	http-request allow if my_lan1
     	http-request allow if my_lan2
-
-    	# Appliquer la rate-limit globale pour le reste
+    	
+		#bloquer le reste
+#	http-request deny deny_status 403
+	
+	# Appliquer la rate-limit globale pour le reste
     	http-request deny deny_status 429 if { sc0_http_req_rate gt 100 }
 
 	# BEGIN CORS
@@ -216,7 +221,7 @@ backend boudoir-backend
 #	server boudoir 192.168.1.107:31723 check
 
 backend homegit-backend
-	server homegit 192.168.1.70:3000
+	server homegit 192.168.1.70:3000 check
 
 backend stats-backend
 	server stats 192.168.1.49:3000