Simplify and standardize path-based haproxy blocking
Using file-based block lists simplifies the most common forms of ACL additions, making urgent changes safer and quicker to apply than writing new ACLs from scratch.
Useful lists we could standardize include:
- regexp match on request path
- regexp match on beginning of request path (implemented today by "blacklist-uris.lst")
- substring match on request path (computationally cheaper but less flexible than the equivalent regexp matcher)
- CIDR match on client IP (after Cloudflare compatibility transformations)
- regexp match on request path rate-limited to configurable X requests per second per client IP (after Cloudflare compatibility transformations)