Help about Haproxy control list, how can allow only some specific links to pass haproxy server

yanggis · July 5, 2016, 3:27am

Help about Haproxy control list, how can allow only some specific links to pass haproxy server
Dear all, I have a domain whitelist file, which includes around 200 links. The whitelist looks like:

facebook.com
google.com

…
bbc.com

I want to create a acl control list to only allow the domains in the whitelist to pass my server. At present, I tried the config file, but unfortunately it doesnt work as expected:

default_backend b_deadend_http
use_backend http_ok if { hdr_beg(host) -f /etc/haproxy/white.lst }

I’m not sure what’s wrong, does the whitelist file require any special format? or the acl rule is problematic?

Any tips will be appreciated.

lukastribus · July 5, 2016, 7:20am

Are you hosting facebook, Google and Amazon? Probably not. But your configuration checks the Host header.

It does not check the HTTP body for links and replaces them, is that what you want? Haproxy cannot do that afaik (unless there is something that can be done with LUA, I’m not sure).

yanggis · July 5, 2016, 7:44am

Dear lukastribus,
Thanks for your kind response.

I’m not hosting facebook, goolge or Amazon. I wanna to use Haproxy as a reverse proxy server.

So I want the Haproxy allows only some specific domains in the whitelist to pass my server. As I have more than 200 domains, if I add all the domains to haproxy.cfg, it would be not convenient to maintain them. I want to creat a whitelist file, such as, whitelist.lst, and put all the domains into the file.

In the config file haproxy.cfg, I wanna use one acl rule to filter requests, such as:

use_backend http_ok if { hdr_beg(host) -f /etc/haproxy/white.lst }

The current problem is that I dont know how to prepare the white.lst file, is it okay to just put the domains into a text file, like:

#--------start------------
acebook.com
google.com

…
bbc.com
#--------end------------

Does the whitelist file require any special format?

lukastribus · July 5, 2016, 8:57am

Just specify one domain per line, as you did above. No special formatting needed.

I’m still not sure what you want to achieve though.

yanggis · July 5, 2016, 9:12am

Dear lukastribus,
Thanks, I will test it ASAP.

Topic		Replies	Views
PFsense custom acl whitelist IP alias backend specific block reject others Help!	3	4824	November 27, 2020
Domain base routing Help!	0	38	August 12, 2024
Set whitelist for TLS interception (ssl crt option) Help!	17	1365	April 6, 2021
Segregate haproxy ACLs Help!	0	327	December 22, 2021
Need help with multiple domains, one public IP Help!	2	3744	March 7, 2021

Help about Haproxy control list, how can allow only some specific links to pass haproxy server

Related topics