Config for allowing root path + two other paths, and deny all the other paths

Dandelion · July 13, 2023, 7:18am

What I want is access to these paths:

/
/somepath1
3 /somepath2

And show 404 page on all other paths. This is what I have tried, but still path /plaa for example routes to “acl path_root path /” -rule.

Configuration what I have tried:

frontend http_front
    bind *:80

    # ACL to allow access from selected networks
    acl allowed_networks src 192.168.0.0/24 10.0.0.0/24

    # ACL to match the desired paths
    acl path_root path /
    acl path1 path_beg /somepath1
    acl path2 path_beg /somepath2

    # Define the ACL conditions and corresponding actions
    use_backend backend_root if allowed_networks path_root
    use_backend backend1 if allowed_networks path1
    use_backend backend2 if allowed_networks path2
    use_backend backend_default if allowed_networks

backend backend_root
    # Configuration for the root path ("/")

backend backend1
    # Configuration for backend 1 ("/somepath1")

backend backend2
    # Configuration for backend 2 ("/somepath2")

backend backend_default
    # Configuration for the default backend or error page
    errorfile 404 /etc/haproxy/errors/404.html

I have also tried to deny, but with no luck:

http-request deny unless path1 or path2 or path_root
http-request deny if !path1 or !path2 or !path_root

How can I give 404 response or deny traffic to path like /testing and /prevented, if I don’t separate rule for those paths?

Any help appreciated!

lukastribus · July 13, 2023, 9:12am

It works exactly as you’d expect:

# ACL to match the desired paths
acl path_root path /
acl path1 path_beg /somepath1
acl path2 path_beg /somepath2

http-request deny status 404 unless path_root or path1 or path2

See here:

lukas@dev:~$ curl 127.0.0.1:80/prevented -v
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 80 (#0)
> GET /prevented HTTP/1.1
> Host: 127.0.0.1
> User-Agent: curl/7.58.0
> Accept: */*
>
< HTTP/1.1 404 Not Found
< content-length: 0
<
* Connection #0 to host 127.0.0.1 left intact
lukas@dev:~$

Dandelion · July 14, 2023, 11:49am

Oh boy, thank you very much for clarifying. I was using path_beg instead of path on path root (acl path_root path_beg /). Did not catch that before you clarified the configuration.
Explains the fuzzy redirects…

Topic		Replies	Views
Cannot restrict traffic, how to http-request deny allow !path \|\| !path2 !networks Help!	1	2031	April 22, 2021
Http frontend to https Backend on selected paths Help!	9	1310	December 10, 2021
Haproxy redirect multiple webserver Help!	11	3974	May 2, 2019
Redirect all path of front-end to a default page in backend server Configuration Samples	1	974	May 7, 2022
Allowing only some paths - not working as planned Help!	1	647	May 19, 2021

Config for allowing root path + two other paths, and deny all the other paths

Related topics