Access control for stats page
Is there a way to setup an ACL for the haproxy stats page? We do have authentication set up for the URL, but we would feel better if we could limit access to a white list of local networks. Is there a way to do that?
Re: Access control for stats page
Hello Yep there is Have a frontend Send say /hastats to a hastats backend have the backend have its stats URL be /hastats too Set the acls in the frontend I'll post a config example in a bit. Neil On 21 Apr 2015 20:09, CJ Ess zxcvbn4...@gmail.com wrote: Is there a way to setup an ACL for the haproxy stats page? We do have authentication set up for the URL, but we would feel better if we could limit access to a white list of local networks. Is there a way to do that?
Re: Access control for stats page
heres are some relevent snips I run this in with same address as the service frontend SSL ... acl url_hastats url_beg /hastats acl location_trusted src 123.123.123.0/24 acl magic_cookie_trusted hdr_sub(cookie) magicforthissiteonly=foobar_SHA1value_etc use_backend hastats if url_hastats location_trusted use_backend hastats if url_hastats magic_cookie_trusted deny if url_hastats ... backend hastats mode http stats uri /hastats stats realm Service\ Loadbalancer stats show-desc br/font color='GoldenRod ' size='5'url.domain: Service Loadbalancer/fontbr/font color='blue' size='3'running on hostnamebr/ config version/font stats show-legends stats auth admin:password stats admin if TRUE On 21 April 2015 at 21:04, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: Hello Yep there is Have a frontend Send say /hastats to a hastats backend have the backend have its stats URL be /hastats too Set the acls in the frontend I'll post a config example in a bit. Neil On 21 Apr 2015 20:09, CJ Ess zxcvbn4...@gmail.com wrote: Is there a way to setup an ACL for the haproxy stats page? We do have authentication set up for the URL, but we would feel better if we could limit access to a white list of local networks. Is there a way to do that?
Re: Access control for stats page
Very cool, thank you for the snippets! On Tue, Apr 21, 2015 at 6:55 PM, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: heres are some relevent snips I run this in with same address as the service frontend SSL ... acl url_hastats url_beg /hastats acl location_trusted src 123.123.123.0/24 acl magic_cookie_trusted hdr_sub(cookie) magicforthissiteonly=foobar_SHA1value_etc use_backend hastats if url_hastats location_trusted use_backend hastats if url_hastats magic_cookie_trusted deny if url_hastats ... backend hastats mode http stats uri /hastats stats realm Service\ Loadbalancer stats show-desc br/font color='GoldenRod ' size='5'url.domain: Service Loadbalancer/fontbr/font color='blue' size='3'running on hostnamebr/ config version/font stats show-legends stats auth admin:password stats admin if TRUE On 21 April 2015 at 21:04, Neil - HAProxy List maillist-hapr...@iamafreeman.com wrote: Hello Yep there is Have a frontend Send say /hastats to a hastats backend have the backend have its stats URL be /hastats too Set the acls in the frontend I'll post a config example in a bit. Neil On 21 Apr 2015 20:09, CJ Ess zxcvbn4...@gmail.com wrote: Is there a way to setup an ACL for the haproxy stats page? We do have authentication set up for the URL, but we would feel better if we could limit access to a white list of local networks. Is there a way to do that?