Hello Frank, On Mon, 27 May 2019 at 20:52, Frank Myhr <fm...@fhmtech.com> wrote: > > Hi, > > I have a setup with multiple domains that resolve to a single public IP > address, with https handled by haproxy using SNI feeding an apache http > backend using name-base virtual hosting. Access to some (but not all) of > the virtual hosts should be restricted to a list of ip address ranges. > > I'd like to use ipsets for this access control, because they are > convenient to set up and maintain, and because they've been working > great in other setups where I use them from iptables. > [...] > I suppose canonical ways are haproxy src ACL or apache > require ip. Both seem (to me) to be less flexible and harder to maintain > than ipsets.
For everyone that is not as familiar with ipset, like myself, can you elaborate why ipset is more flexible, easier to maintain and more convenient to set up than haproxy src ACLs or maps? Thanks, Lukas
