Hi folks,
I have a web app (served by Tomcat) that was intended for intranet use. As
such I assume that the security is only basic and it is not suitable for
facing the public internet. When seeking a product to stand between my app
and the world, haproxy was recommended to me. I understand that this is not
the primary function of haproxy so if anyone can suggest a product more
suitable (open or commercial), then I'm all ears.
I have spoken briefly with Willy who has very kindly set me on the right
track for a couple of issues but I'm still not grokking haproxy yet. I have
the following set in my haproxy.cfg. haproxy is correctly proxying my
application but I am not challenged for a password at any point. Would
someone kindly point out where I have made errors?
Also, Willy suggested that I could use haproxy 1.5(dev) to harden the
connection, preventing brute force attacks and the like. I have reviewed the
configuration.txt file and most of the concepts are foreign to me. Has
anyone a sample config file for this purpose they would share?
Thanks,
Sean
userlist L1
group G1 users sean
user sean insecure-password abc123
backend sleds
mode http
acl auth_ok http_auth(L1) G1
http-request auth unless auth_ok
timeout connect 10s
timeout server 30s
balance roundrobin
server sled1 127.0.0.1:10001 weight 1 maxconn 512
frontend http_proxy #arbitrary name for the frontend
bind :80 #all interfaces at port 80
mode http
option forwardfor
option http-server-close
option http-pretend-keepalive
default_backend sleds #by default forward the requests to sled
