Hello,

I have a frontend whitelisted by IP with the following rules:

acl whitelist src -f /etc/haproxy/whitelist.lst
tcp-request connection reject unless whitelist

and while the documentation
<https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4.2-tcp-request%20connection>
suggests I would be able to see the rejected connections counted in stats
(quote: they are accounted separately for in the stats, as "denied
connections"), those are stuck at 0.

The whitelist appears to be working OK; making a request from a
non-whitelisted IP results in:

$ curl -v http://hostname
* About to connect() to hostname port 80 (#0)
*   Trying xxx.xxx.xxx.xxx...
* connected
* Connected to hostname (xxx.xxx.xxx.xxx) port 80 (#0)
> GET / HTTP/1.1
> User-Agent: curl/7.26.0
> Host: hostname
> Accept: */*
>
* additional stuff not fine transfer.c:1037: 0 0
* Recv failure: Connection reset by peer
* Closing connection #0
curl: (56) Recv failure: Connection reset by peer

and whitelisted IPs work OK.

I am running a self-compiled haproxy 1.8.4 (with make options USE_PCRE=1
TARGET=linux2628 USE_OPENSSL=1 USE_ZLIB=1 USE_SYSTEMD=1) on Debian 8 with
3.16.0-5-amd64 kernel.

Any ideas?

Thanks
-- 
Errikos Koen,
Cloud Architect
www.pamediakopes.gr
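
Added example, not part of the original message: one way to check the counters in question is to read them from HAProxy's CSV statistics export, where connections denied by "tcp-request connection" rules are reported in the `dcon` column, separately from `dses` and `dreq`. The sample CSV, the proxy names and the helper names below are constructed for illustration; real output has many more columns.

```python
import csv

# CSV column names HAProxy uses for denied traffic:
#   dcon = denied by "tcp-request connection" rules
#   dses = denied by "tcp-request session" rules
#   dreq = denied requests (tcp-request content / http-request rules)
DENY_FIELDS = ("dcon", "dses", "dreq")

# Constructed sample, trimmed to a few columns. Live data can be fetched with
#   echo "show stat" | socat stdio <path-to-stats-socket>
SAMPLE_CSV = """\
# pxname,svname,scur,stot,dreq,dresp,dcon,dses,
fe_web,FRONTEND,3,1500,0,0,42,0,
be_app,app1,1,700,,0,,,
be_app,BACKEND,1,700,0,0,,,
"""

def denied_counters(stats_csv):
    """Return {(pxname, svname): {field: int or None}} for every row.

    Columns are looked up by header name, so the function keeps working
    when the column order differs. None means the counter is absent or
    not applicable to that row type.
    """
    lines = stats_csv.splitlines()
    if not lines or not lines[0].startswith("# "):
        raise ValueError("missing '# pxname,...' header line")
    header = lines[0][2:].rstrip(",").split(",")
    result = {}
    for row in csv.reader(lines[1:]):
        if not row:
            continue
        rec = dict(zip(header, row))
        counters = {}
        for field in DENY_FIELDS:
            value = rec.get(field, "")
            counters[field] = int(value) if value else None
        result[(rec["pxname"], rec["svname"])] = counters
    return result

def frontends_with_denials(stats_csv, field="dcon"):
    """Names of frontends whose chosen deny counter is non-zero."""
    return sorted(px for (px, sv), c in denied_counters(stats_csv).items()
                  if sv == "FRONTEND" and c[field])

if __name__ == "__main__":
    for key, counters in denied_counters(SAMPLE_CSV).items():
        print(key, counters)
```

Comparing `dcon` on the FRONTEND row before and after a rejected test connection shows whether the rule is being accounted for at the connection level.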
