On Mon, 22 Jun 2020 at 20:16, Tim Düsterhus <t...@bastelstu.be> wrote:
> This off-the-shelf PHP application has an integrated admin control panel
> within the /admin/ directory. The frontend consists of several "old
> style" PHP files, handling the various paths (e.g. login.php,
> register.php, create-thread.php). During upgrades of this off-the-shelf
> software new files might be added for new features.
> My boss asked me to restrict the access to the admin control panel to
> our internal network ( for security reasons. Access to
> the user frontend files must not be restricted.

If I were solving this problem solely at the haproxy layer, I'd do
something like this:

 acl internal_net src
 acl admin_request path_beg /admin/
 http-request deny if admin_request !internal_net

Though by preference I'd put app policy logic as close to, or best of
all inside, the app itself; which would have X-Forwarded-For
implications. I may have misunderstood your question though!

I'm intrigued by what common problems you foresee here. I suppose the
Front Controller pattern might be ... interesting to deal with?

Jonathan Matthews
London, UK

Reply via email to