@rafaelweb wrote:
[Automatically translated]
Hello.I am participating in a new project and I chose HAProxy as a solution, but I am new to the subject and I need your help.
I need to allow external access to an internal application, and for that I am using HAProxy in a DMZ controlling access via firewall. In addition I needed to create an authentication in the application (PHP) and this is where the problems started.
I am trying to block the user’s access directly on HAProxy if he has not yet authenticated himself on the system. I thought about using a custom header but I can’t access that header in haproxy.Is this the ideal way for what I need to do?
My code looks like this:[PHP] ... if (!empty($_SESSION['uTokenAuth'])) { header("uTokenAuth:".$_SESSION['uTokenAuth']); } ... [HAPROXY] ... frontend http_in bind *:80 #bind *:443 ssl crt /etc/ssl/certs/mysite.pem http-request capture req.hdr(uTokenAuth) len 16 log-format %ci\:%cp\ frontend=%ft\ backend_ip=%bi\ backend_pool=%b\ server_name=%s\ AuthHeader=%[capture.req.hdr(0)]\ %hr\ %hrl\ %hs\ %hsl\ http_log="[%tr] %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r" #http-request redirect scheme https unless { ssl_fc } default_backend WEB backend WEB option forwardfor option http-server-close balance roundrobin server WEBSERVER ip:80 no-ssl check port 80 acl withtoken req.hdr(uTokenAuth) -m found acl loginpage path_beg /login http-request set-header X-Client-ip %[src] http-request set-header X-Forwarded-Proto http http-request set-header X-Frame-Options DENY http-request redirect location /login if !withtoken !loginpageThanks
Posts: 1
Participants: 1