DEV Community

Cover image for How To Block IP Addresses In HAProxy
πŸš€ Vu Dao πŸš€
πŸš€ Vu Dao πŸš€

Posted on • Edited on

How To Block IP Addresses In HAProxy

#devops #haproxy #aws #alc

Update haproxy.cfg to add condition acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips

 frontend fe-lehaproxy bind *:80 acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips http-request deny if is-blocked-ip acl letsencrypt-acl path_beg /.well-known/acme-challenge/ use_backend letsencrypt-backend if letsencrypt-acl redirect scheme https code 301 if !letsencrypt-acl frontend fe-verify bind *:443 ssl crt /etc/certs acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips http-request deny if is-blocked-ip http-request set-header X-Forwarded-Proto https if { ssl_fc } default_backend mybackend
Enter fullscreen mode Exit fullscreen mode

Blocked list

 ~:/etc/haproxy# cat blocklisted.ips 32.66.111.255 11.129.81.18
Enter fullscreen mode Exit fullscreen mode

Requests from IP addresses within the blocklisted.ips file will receive 403
Alt Text

Another way to block IP addresses is to update inbound rule of AWS ALC
Alt Text

More about HAProxy

Top comments (0)