Hello alltogether,
I have created a machine with MeshCentral (Windows) and another ohne with HAproxy (RedHat/Fedora).
Everything is working fine, when I use it without restrictions.
But I want to set restriction for the MeshCentral.
For Administration it should be only available from internal LAN.
From external WWW it should be only open for the agents (on the clients) and for time based invitations (to customers).
For example, the URL for the Invitation can be…
"https://my.server.com/agentinvite?c=s9aagfnsvFK7CSS6cW@sse6Tulgk3bmYHEsFow==)"
… and the URL for the agents can be…
"https://my.server.com/meshagent?id=43gmqgy8P4N@wqajOPEOLG5OTPs5JYHEsw)*="
.
The admistrations can connect to…
"https://my.server.com/"
… to manage the clients, users,… from LAN.
Now my HAproxy has the following config, with rerstrictions…
#MeshCentral
acl is_MeshCentral hdr_dom(Host) -i my.server.com
use_backend BackEnd-MeshCentral if is_MeshCentral
backend BackEnd-MeshCentral
balance source
server 172.31.199.51 172.31.199.51:443 maxconn 4096 check ssl verify none
http-request allow if { path_beg -i /meshagents } { src 0.0.0.0/0 }
http-request allow if { path_beg -i /agentinvite } { src 0.0.0.0/0 }
http-request deny if { path_dir -i -m beg / } !{ src 10.17.18.0/21 } !{ src 172.31.9.0/24 }
… it is working, but the URL for the agents and invitations are a blank screen; there should be a choise and a button.
When i remove the lines with “http-request” everythin is working, but the admin site is also in the www.
Can any one give me an idea???