Help with backend

flygirl · February 21, 2018, 6:14am

I want to restrict my backend connection to ports 80 and 8080 only and frontend connection to 443 only.

backend HA_NODES
balance roundrobin
mode http
option httpchk GET /health_check.json
description HA_NODES
server app1-stg-7878 10.10.7.31:7878 check fastinter 2000 inter 7000
server app1-stg-7879 10.10.7.31:7879 check fastinter 2000 inter 7000
server app2-stg-7878 10.10.7.32:7878 check fastinter 2000 inter 7000
server app2-stg-7879 10.10.7.32:7879 check fastinter 2000 inter 7000
acl allow_port dst_port 80
http-request allow if allow_port

frontend HA_FRONTEND_HTTPS
bind *:443 ssl crt /etc/ssl/private/code.com.pem
mode http
http-request set-header X-Request-Start t=%Ts%ms
description HA_FRONTEND_HTTPS
default_backend HA_NODES
acl allow_port dst_port 443
http-request allow if allow_port

frontend HA_FRONTEND_HTTP
bind *:80
mode http
http-request set-header X-Request-Start t=%Ts%ms
description HA_FRONTEND_HTTP
default_backend HA_NODES

I tried commenting out frontend HA_FRONTEND_HTTP part and restarted haproxy service but I can still access it using the port 80.

If I try to put deny ACL on backend, this will take effect on frontend as well.

I’m new with haproxy.

Topic		Replies	Views
Help with backend Help!	0	409	February 21, 2018
Haproxy use_backend condition (acl) is missing the backend Help!	2	1074	January 4, 2020
HTTPS SNI on non-standard port not sending to correct backend Help!	2	2139	March 24, 2017
http frontend , backend Help!	1	953	March 19, 2018
Default server/backend for requests do not match ACLs Help!	8	4988	May 17, 2016

Help with backend

Related Topics