Matching IP subnets

@speendo wrote:

First of all I have to thank you for HAProxy. I also want to explain, that this is a crosspost - the other post is here (https://serverfault.com/questions/988721/require-a-http-authentication-only-for-connections-from-outside-my-lan-in-haprox) but didn’t receive an answer yet so I thought I might ask in a community that is more specialised!

My frontend contains these lines to require a HTTP authentication

# Authentication
acl ValidOctoPrintUser http_auth(OctoPrintUsers)
http-request auth realm octoprint if !ValidOctoPrintUser

Now I want this authentication only for connections from outside of my LAN. Inside my LAN access should be granted without authentication.

I succeeded to do this for a single IP address like this:

# Authentication
acl ValidOctoPrintUser http_auth(OctoPrintUsers)
# Exclude internal IPs from Authentication
acl InternalIP src -i 192.168.0.123
http-request auth realm octoprint if !InternalIP !ValidOctoPrintUser

However, I cannot achieve to do this for a range of IP addresses (like 192.168.0.[100-250] or a little less specific 192.168.0.*).

Can you point me a way to to this? Or is there even a better way to identify requests coming from inside my LAN?

Posts: 5

Participants: 2

Read full topic