I have inherited an HAProxy setup with around twenty backend definitions (and little else) in the config file. I have been asked to restrict one of the backends to a specific IP range, but so far my research (and limited HAProxy knowledge) have yielded nothing.
Whilst reading the manual, I have found a network_allowed parameter that would work for a frontend, but I don't seem to have any front end definitions and I don't want to apply this restriction to any of the other proxy routes. Is there anything I can specifically use on a backend to restrict access by IP range?
Thanks, Simon
To have a functional HAProxy setup you would need either 'frontend' or 'listen' directives. These are the only directives that will respond to incoming requests. The 'backend' directive only provides for a way to route traffic behind the proxy.
That being said, here are the entries you need in a 'frontend' or 'listen' directive to accomplish your goals:
acl white_list src 192.168.1.0/24 192.168.10.0/24
tcp-request content accept if white_list
tcp-request content reject
These directives would allow only traffic coming from the 192.168.1/24 and 192.168.10/24 subnets.
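An added example, not part of the original answer: a full configuration sketch that applies the same source ACL to one route only, so the other backends stay unrestricted. The section names, the Host value, the bind port and the server addresses are assumptions chosen for illustration.

```haproxy
# Constructed example: every name, port and server address below is a placeholder.
global
    maxconn 1024

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :8080
    # Same source ranges as in the answer above.
    acl white_list src 192.168.1.0/24 192.168.10.0/24
    # Assumption: the restricted service is selected by its Host header.
    acl to_restricted hdr(host) -i restricted.example.internal
    # Deny only requests headed for the restricted backend that do not
    # come from the allowed ranges; all other routes are left untouched.
    http-request deny if to_restricted !white_list
    use_backend be_restricted if to_restricted
    default_backend be_other

backend be_restricted
    # Second check at the backend itself, so the restriction still holds
    # if another frontend or a later use_backend rule routes traffic here.
    acl white_list src 192.168.1.0/24 192.168.10.0/24
    http-request deny unless white_list
    server app1 10.0.0.10:8080 check

backend be_other
    server app2 10.0.0.20:8080 check

# Caveat: 'src' is the address of the TCP peer. If HAProxy sits behind
# another proxy or load balancer, 'src' is that device's address, not the
# original client's, and the ACL has to account for that.
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.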