Re: Restrict HAProxy stats page to a specific IP

Mon, 03 Jul 2017 03:18:38 -0700 

On Mon, Jul 3, 2017 at 1:04 PM, Jarno Huuskonen <[email protected]>
wrote:

> Hi,
>
> On Fri, Jun 30, Kaushal Shriyan wrote:
> > I am running HAProxy version haproxy-1.5.x in my setup. I did added the
> > below settings.
> >
> > > *listen stats_frontend  bind *:1936  mode http  stats enable  stats
> uri /
> > > #
> > > http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-stats%
> 20auth
> > > <http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-stats%
> 20auth>
> > > acl office_addr src officeIP  acl stats_path path_beg /  http-request
> deny
> > > if stats_path !office_addr*
> >
> >
> > I get http 403 for two refresh and in the third refresh the haproxy stats
> > page gets loaded. Is there a way to disable Basic Authentication pop up?
>
> Perhaps you could share your config (at least the stats part) so it
> would be easier to determine what could be wrong with the config.
>
> Basic auth: do you have stats auth in your config ?
> (http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-stats%
> 20auth)
> Try to comment/remove stats auth and see if that removes the basic auth.
>
> You can also use "stats http-request" to limit access to your own ip with:
>   acl office_addr src officeIP
>   stats http-request deny unless office_addr
> (http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#stats%
> 20http-request)
>
> -Jarno
>
> --
> Jarno Huuskonen
>

Hi Jarno,

Thanks for the email and it is working as expected. I will appreciate if
you let me know to allow multiple office IP address.

For example http://IP1:1936 and http://IP2:1936

http://IP1:1936 -> http://192.168.1.10:1936
http://IP2:1936 -> http://192.168.1.20:1936

I am using the below settings in haproxy.cfg file


>
>
>
>
>
>
>
> *listen stats_frontend  bind *:1936  mode http  stats enable  stats uri /
> #
> http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-stats%20auth
> <http://cbonte.github.io/haproxy-dconv/1.5/configuration.html#4-stats%20auth>
> acl office_addr src officeIP  acl stats_path path_beg /  http-request deny
> if stats_path !office_addr*


Thanks once again and appreciate your help. I look forward to hearing from
you.

Regards,

Kaushal

Reply via email to