HAProxy community

Haproxy acl to block ips and host header

Hi guys,
I can’t get the following acls to work as intended.

  acl src1 src xx.xx.xx.xx/xx
  acl src1 src yy.yy.yy.yy/yy
  acl admin hdr_beg(host) -i admin
  acl adminservice hdr_beg(host) -i adminservice

  http-request deny if !src1 !adminservice admin

What I am trying to do is to block access to IPs other than src1 IPs to admin.domainname.com.
But the result I am getting is, I have access to admin.domainname.com after refreshing the page a few times. First it gives a 403 error but if I keep hitting refresh I am able to access the url.

Is the order of the conditions in the action wrong? Could you please tell me what the result will be based on the above configuration?

Thanks,
aka

I’d use something like this:

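  acl src1 src 1.2.3.4
  # the trailing dot keeps adminservice.* from matching
  acl admin hdr(host) -m beg admin.
  # deny requests for the admin host that do not come from src1
  # ("unless src1 admin" would also deny every non-admin request)
  http-request deny if admin !src1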

Your problem is that admin will match for both admin.domain and adminservice.domain.
You can also use the dom match, i.e.:

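  acl src1 src 1.2.3.4
  # dom compares whole dot-delimited labels of the Host value
  acl admin hdr(host) -m dom admin
  # deny requests for the admin host that do not come from src1
  http-request deny if admin !src1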
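
The restriction discussed in this thread, written out as a complete frontend with an exact Host match. This is an added example, not configuration posted by either participant; the bind line, the backend names and servers, and the 192.0.2.0/24 and 198.51.100.0/24 documentation ranges are placeholders.

```haproxy
# Added example. Addresses, bind line and backend names are placeholders.
frontend fe_http
    mode http
    bind :80

    # Several "acl" lines with the same name are ORed together,
    # so src1 is true for a client in either network.
    acl src1 src 192.0.2.0/24
    acl src1 src 198.51.100.0/24

    # Weak form from the question, left commented out: a bare prefix match
    # is true for admin.domainname.com AND adminservice.domainname.com.
    #acl admin hdr_beg(host) -i admin

    # Exact match: lower-case the Host value, drop any ":port" suffix,
    # then compare the whole string.
    acl admin_host req.hdr(host),lower,field(1,:) -m str admin.domainname.com

    # Deny (403 by default) only requests for the admin host that do not
    # come from src1. All other hosts are left alone.
    http-request deny if admin_host !src1

    # Route on the same ACL the deny rule uses, so the allow-list and the
    # routing decision cannot disagree about what counts as the admin host.
    use_backend be_admin if admin_host
    default_backend be_www

backend be_admin
    mode http
    server admin1 127.0.0.1:8081

backend be_www
    mode http
    server www1 127.0.0.1:8080
```

The file can be syntax-checked with `haproxy -c -f <file>` before reloading. Compared with the exact match, `-m dom admin` is true for any Host that contains `admin` as a complete dot-delimited label, not only as the first one.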