0

I'm trying to deny access to my HTTP server from IPs other than those allowed by my subnet ACLs on HAProxy.

I have the following HAProxy configuration:

    frontend http
        bind 0.0.0.0:80
        acl 1st_Floor_ACL src 192.168.0.0/24
        acl 3st_Floor_ACL src 172.16.0.0/24
        acl my-webserver_ACL hdr(host) -i my-webserver_ACL.myDomain.com
        use_backend my-webserver if my-webserver_ACL

    backend my-webserver
        mode http
        option forwardfor except 127.0.0.1
        server my-webserver 10.10.0.0:80 maxconn 5000 check

In the frontend section, I tried replacing this line:

    use_backend my-webserver if my-webserver_ACL

with these two lines:

    use_backend my-webserver if my-webserver_ACL 1st_Floor_ACL
    use_backend my-webserver if my-webserver_ACL 3st_Floor_ACL

and reloaded the haproxy.service.

But it does not forbid other IPs.

Can you help?

1
  • Show how you tested it and add haproxy logs from these tests, because that should work. When no use_backend matches and you don't have default_backend then you should get 503 service unavailable. Commented May 28 at 13:03
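
A small model of the rule evaluation the comment describes, as an added example (not code from the question or from HAProxy): it parses the question's `acl` and `use_backend` lines and picks a backend for a given client address and Host header. It covers only `src`, `hdr(host) -i` and unnegated conditions (several ACL names on one rule are ANDed); the function names, the sample client addresses and the `default_backend` variant are assumptions made for the example.

```python
import ipaddress

# Frontend rules from the question, with the two replacement use_backend lines.
FRONTEND = """
acl 1st_Floor_ACL src 192.168.0.0/24
acl 3st_Floor_ACL src 172.16.0.0/24
acl my-webserver_ACL hdr(host) -i my-webserver_ACL.myDomain.com
use_backend my-webserver if my-webserver_ACL 1st_Floor_ACL
use_backend my-webserver if my-webserver_ACL 3st_Floor_ACL
"""

def parse(text):
    """Return (acls, rules, default_backend) for the subset modelled here."""
    acls, rules, default = {}, [], None
    for line in text.strip().splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "acl" and tok[2] == "src":
            nets = [ipaddress.ip_network(n) for n in tok[3:]]
            acls[tok[1]] = lambda ip, host, nets=nets: any(ip in n for n in nets)
        elif tok[0] == "acl" and tok[2] == "hdr(host)":
            # -i means case-insensitive comparison of the Host header.
            names = {v.lower() for v in tok[3:] if v != "-i"}
            acls[tok[1]] = lambda ip, host, names=names: host.lower() in names
        elif tok[0] == "use_backend":
            rules.append((tok[1], tok[3:]))  # ACL names after "if" are ANDed
        elif tok[0] == "default_backend":
            default = tok[1]
    return acls, rules, default

def route(text, src, host):
    """First matching use_backend wins; else default_backend; else 503."""
    acls, rules, default = parse(text)
    ip = ipaddress.ip_address(src)
    for backend, cond in rules:
        if all(acls[name](ip, host) for name in cond):
            return backend
    return default or "503"

if __name__ == "__main__":
    host = "my-webserver_ACL.myDomain.com"
    # Constructed client addresses: two inside the ACL subnets, one outside.
    for src in ("192.168.0.10", "172.16.0.7", "10.20.30.40"):
        print(src, "->", route(FRONTEND, src, host))
    # Hypothetical variant: a default_backend lets the outside address through.
    print(route(FRONTEND + "default_backend my-webserver\n", "10.20.30.40", host))
```

The address passed as `src` stands for what HAProxy sees as the connection's source, so a client arriving through NAT or another proxy is matched on that intermediate address.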
