Lukas,
Le 08/10/2015 23:47, Lukas Tribus a écrit :
> You really need to post the actual configuration, because we don't
> have any idea what you are trying to do and how you configured it.
>
> But yes, 213.254.248.96/27 covers 32 IPs starting from 213.254.248.96
> until 213.254.248.127.
Yes… right.
Here's the part that works well with single IPs (not with ranges like /27) :
[…]
frontend https-in
bind *:443 ssl crt …
mode http
option http-server-close
option forwardfor
acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24
213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26
91.237.72.4
http-request set-header X-Forwarded-Proto https
http-request set-header X-Forwarded-Port %[dst_port]
http-request set-header X-Forwarded-For %[req.fhdr(X-Real-IP)]
acl private_domain hdr_reg(host) -i
^([^\.]+?)\.(private1\.net|private2\.net)$
acl public_domain hdr_end(host) -i public.fr
http-request allow if private_domain allowed_clients
http-request deny if private_domain !allowed_clients
http-request allow if public_domain
[…]
Should I try another way to avoid access to some domains (except for
some IPs) and do not restrict another one?
--
Seb
