Hi List,

I was having a bit of off-list disagreement with Willy regarding how HAProxy ACLs should work and what (experienced) administrators may or may not expect from them. I am arguing about something I believe many administrators might accidentally do incorrectly. I'm intentionally being vague here, to not spoil any results of this survey.

Let's pretend I'm new to this list and send the following request for help:

---

We are using an off-the-shelf PHP 7.2 application (think some bulletin board software), running behind nginx as the FastCGI gateway and static file server. In front of that nginx we are running HAProxy 2.0 in 'mode http'.

This off-the-shelf PHP application has an integrated admin control panel within the /admin/ directory. The frontend consists of several "old style" PHP files, handling the various paths (e.g. login.php, register.php, create-thread.php). During upgrades of this off-the-shelf software new files might be added for new features.

My boss asked me to restrict the access to the admin control panel to our internal network (192.168.0.0/16) for security reasons. Access to the user frontend files must not be restricted.

How can I do this?

---

What kind of (configuration) advice would you give me? Do you have any concerns? I consider *anything* a valid answer here and I'd like to hear from both experienced admins and "newbies".

I'll give the "solution" once I get some replies :-)

Best regards
Tim Düsterhus