On Wed, Jul 16, 2014 at 5:45 PM, JDzialo John <[email protected]> wrote:
>
> Hi Guys,
>
> I want to only allow certain internal company IP addresses to have access to
> one of my web farms. I am using haproxy 1.5 on Debian 7.
>
> I am using a whitelist.lst file with the following contents...
>
> 10.0.0.0/8
>
> Here is my frontend configuration...
>
> frontend https-in
>     bind *:443 ssl crt /etc/ssl/xxx.cert.chain.pem
>     http-request allow if { src -f /etc/haproxy/whitelist.lst }
>     reqadd X-Forwarded-Proto:https
>     reqadd X-Forwarded-Port:443
>     timeout client 600000
>     default_backend web
>
> However any IP is still allowed through this frontend. It does not appear to
> be restricting access to any other IP. Am I missing something in my
> configuration?
>
> Thanks
>
> John Dzialo | Linux System Administrator
> Direct 203.783.8163 | Main 800.352.0050
>
> Environmental Data Resources, Inc.
> 440 Wheelers Farms Road, Milford, CT 06461
> www.edrnet.com | commonground.edrnet.com
>

Hi John,

Please avoid HTML mails...

Give a try to the following configuration:

    http-request deny unless { src -f /etc/haproxy/whitelist.lst }

Baptiste
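
The rule from the question next to the suggested one, as an added example that is not part of either message. The ACL name internal_src is an assumption introduced here; the paths and the backend name are the ones quoted in the thread.

```haproxy
# Added example: one frontend showing the weak rule (commented out) and the
# corrected rule. "internal_src" is a hypothetical ACL name.
frontend https-in
    bind *:443 ssl crt /etc/ssl/xxx.cert.chain.pem

    # Load the whitelist once under a name. The file holds one address or
    # CIDR block per line, e.g. 10.0.0.0/8.
    acl internal_src src -f /etc/haproxy/whitelist.lst

    # Weak (as in the question): "allow" only ends rule evaluation for the
    # requests that match it. A request that matches no http-request rule is
    # accepted by default, so non-whitelisted sources still get through.
    #http-request allow if internal_src

    # Corrected: refuse every request whose source is not in the whitelist.
    # HAProxy answers these with a 403.
    http-request deny unless internal_src

    default_backend web
```

Validate the file with `haproxy -c -f /etc/haproxy/haproxy.cfg` before reloading, then request the site from an address outside 10.0.0.0/8 and confirm the 403. `src` is the address of the TCP peer, so if a NAT device or another proxy sits in front of HAProxy, every client is matched against that device's address.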