HAProxy community

Custom Authentication support?


#1

Our company has a unique requirement (or maybe it isn’t unique) and I am looking for feedback as to the viability of HAP Proxy as a solution. Please read on if you think you can help.

We require the capability of a standard TCP Proxy. However, we need to authenticate users via their source IP Address and, at particular times during the day, the data to flow through the proxy, to their TCP socket(s).

Put another way… Customer A and B are connected. They want to use the same hardware that is behind the proxy, but at different times. Customer A needs to read and write from 1AM to 1:08 AM. Customer B needs to read and write from 1:10 AM to 1:20 AM. If they try to read or write outside those times the data should never be forwarded to the hardware behind the proxy.

Put yet another way… we need customizable lockout periods that lookup a customer in a database, retrieve their schedule, and only allow them to read / write bits at certain times.

If this is possible what does the scope look like? I may be interested in hiring someone to do the work as a contractor.


#2

There is no build-in support for time-based ACL’s afaik.

However you will certainly be able to LUA:
https://www.arpalert.org/haproxy-api.html