HAProxy: restrict a single backend to an IP range

I inherited a HAProxy installation with about 20 basic definitions (and a bit more) in the configuration file. I was asked to limit one of the backends to a specific IP range, but so far my research (and limited knowledge of HAProxy) has yielded nothing.

While reading the manual, I found the network_allowed parameter that works with the interface, but I do not have any interface definitions, and I do not want to apply this restriction to any of the other proxy routes. Is there anything that I can specifically use on the backend to limit access to an IP range?

Thanks, Simon

+4
1 answer

To have HAProxy functionally configured, you will need the "frontend" or "listen" directives. These are the only directives that will respond to incoming requests. The backend directive provides only a way to route traffic for a proxy.

That said, here are the entries you need in the 'frontend' or 'listen' directive to achieve your goals:

acl white_list src 192.168.1.0/24 192.168.10.0/24
tcp-request content accept if white_list
tcp-request content reject

These directives will only allow traffic coming from the 192.168.1.0/24 and 192.168.10.0/24 subnets.

+8
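As an added example (not part of the original answer), the same ACL can be placed inside the one backend section so that the other proxy routes stay unrestricted. It assumes HTTP mode; the section names, hostname and server addresses are placeholders, and for a TCP-mode backend the deny line would be `tcp-request content reject unless white_list` instead.

```haproxy
# Added example: section names, hostname and server addresses are placeholders.
frontend fe_main
    mode http
    bind :80
    # Routing only. No source restriction here, so every other
    # backend stays reachable from any client address.
    acl host_internal hdr(host) -i internal.example.com
    use_backend be_restricted if host_internal
    default_backend be_public

backend be_restricted
    mode http
    # Same ACL as in the answer, but evaluated only for requests
    # that were routed to this backend.
    acl white_list src 192.168.1.0/24 192.168.10.0/24
    # Clients outside the listed subnets get a 403 from HAProxy
    # and the request never reaches the server below.
    http-request deny unless white_list
    server app1 10.0.0.11:8080 check

backend be_public
    mode http
    # No ACL: unaffected by the restriction above.
    server web1 10.0.0.21:8080 check
```

`haproxy -c -f <config file>` checks the syntax before a reload. `src` is the address of the TCP peer, so if HAProxy sits behind another proxy or load balancer the ACL sees that device's address rather than the original client's.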

Source: https://habr.com/ru/post/1538405/

