@arvindsaket wrote:
I am new to HAProxy. I want to restrict all to access a sub URL but not for access from few IPs. My Implementation of HAProxy is below and it is blocking all for IPs. I want "example.com/abc/qaz" accessible from 1.1.1.1 and 2.2.2.2 only.
# Listen to port 80. Throw a 301 redirect to port 443 frontend Listen80 bind *:80 redirect scheme https code 301 if !{ ssl_fc } # List to port 443. Redirect to appropriate backend based on URL frontend Listen443 bind *:443 ssl crt /etc/ssl/certs/examplesslpem %> acl web_url path_beg /abc /xyz acl web_url path_beg /efg /xy acl batch_url path_beg /h /ga acl network_allowed src 1.1.1.1 2.2.2. acl resticted_pages path_beg /abc/qaz/ http-request deny if resticted_pages !network_allowed use_backend BATCH if batch_url use_backend SVC if svc_url use_backend WEB if web_url # Listen to port 8080. Pass through to WEB backend frontend Listen8080 bind *:8080 use_backend WEB backend WEB mode http balance roundrobin option httpclose cookie SERVERIDWEB insert indirect nocache secure option forwardfor http-request set-header X-Forwarded-Port %[dst_port] http-request add-header X-Forwarded-Proto https if { ssl_fc } reqrep ^([^\ ]*\ /)abc[/]?(.*) \1\2 server app-1 example-app1.com:8080 check cookie app1web server app-2 example-app2.com:8080 check cookie app2web server app-3 example-app3.com:8080 check cookie app3web server app-4 example-app4.com:8080 check cookie app4web server app-5 example-app5.com:8080 check cookie app5web
Posts: 1
Participants: 1