Actually deny if url_hastats !location_trusted !magic_cookie_trusted
You could have another backend with a go away message and use_backend that rather than deny On 22 Apr 2015 03:54, "CJ Ess" <zxcvbn4...@gmail.com> wrote: > Very cool, thank you for the snippets! > > On Tue, Apr 21, 2015 at 6:55 PM, Neil - HAProxy List < > maillist-hapr...@iamafreeman.com> wrote: > >> heres are some relevent snips >> I run this in with same address as the service >> >> frontend SSL >> ... >> acl url_hastats url_beg /hastats >> acl location_trusted src 123.123.123.0/24 >> acl magic_cookie_trusted hdr_sub(cookie) >> magicforthissiteonly=foobar_SHA1value_etc >> use_backend hastats if url_hastats location_trusted >> use_backend hastats if url_hastats magic_cookie_trusted >> deny if url_hastats >> ... >> >> backend hastats >> mode http >> stats uri /hastats >> stats realm Service\ Loadbalancer >> stats show-desc <br/><font color='GoldenRod ' size='5'>url.domain: >> Service Loadbalancer</font><br/><font color='blue' size='3'>running on >> hostname<br/> config version</font> >> stats show-legends >> stats auth admin:password >> stats admin if TRUE >> >> >> On 21 April 2015 at 21:04, Neil - HAProxy List < >> maillist-hapr...@iamafreeman.com> wrote: >> >>> Hello >>> >>> Yep there is >>> >>> Have a frontend >>> >>> Send say /hastats to a hastats backend >>> >>> have the backend have its stats URL be /hastats too >>> >>> Set the acls in the frontend >>> >>> I'll post a config example in a bit. >>> >>> Neil >>> On 21 Apr 2015 20:09, "CJ Ess" <zxcvbn4...@gmail.com> wrote: >>> >>>> Is there a way to setup an ACL for the haproxy stats page? We do have >>>> authentication set up for the URL, but we would feel better if we could >>>> limit access to a white list of local networks. Is there a way to do that? >>>> >>>> >> >
