Config for allowing root path + two other paths, and deny all the other paths

What I want is access to these paths:

  1. /
  2. /somepath1
    3 /somepath2

And show 404 page on all other paths. This is what I have tried, but still path /plaa for example routes to “acl path_root path /” -rule.

Configuration what I have tried:

frontend http_front
    bind *:80

    # ACL to allow access from selected networks
    acl allowed_networks src

    # ACL to match the desired paths
    acl path_root path /
    acl path1 path_beg /somepath1
    acl path2 path_beg /somepath2

    # Define the ACL conditions and corresponding actions
    use_backend backend_root if allowed_networks path_root
    use_backend backend1 if allowed_networks path1
    use_backend backend2 if allowed_networks path2
    use_backend backend_default if allowed_networks

backend backend_root
    # Configuration for the root path ("/")

backend backend1
    # Configuration for backend 1 ("/somepath1")

backend backend2
    # Configuration for backend 2 ("/somepath2")

backend backend_default
    # Configuration for the default backend or error page
    errorfile 404 /etc/haproxy/errors/404.html

I have also tried to deny, but with no luck:

  • http-request deny unless path1 or path2 or path_root
  • http-request deny if !path1 or !path2 or !path_root

How can I give 404 response or deny traffic to path like /testing and /prevented, if I don’t separate rule for those paths?

Any help appreciated!

It works exactly as you’d expect:

# ACL to match the desired paths
acl path_root path /
acl path1 path_beg /somepath1
acl path2 path_beg /somepath2

http-request deny status 404 unless path_root or path1 or path2

See here:

lukas@dev:~$ curl -v
*   Trying
* Connected to ( port 80 (#0)
> GET /prevented HTTP/1.1
> Host:
> User-Agent: curl/7.58.0
> Accept: */*
< HTTP/1.1 404 Not Found
< content-length: 0
* Connection #0 to host left intact

Oh boy, thank you very much for clarifying. I was using path_beg instead of path on path root (acl path_root path_beg /). Did not catch that before you clarified the configuration.
Explains the fuzzy redirects…