Hi,
I’m using HAProxy to connect and control the connection of client IP addresses.
How can I log an IP blocked by an ACL?
I’m using the following method to block connections from IP addresses written in the IP list, but the blocked log is not recorded in the log file. Could someone please give me some professional advice?
My config is as follows. I want to get a log of the blocked connections.
I’m writing the ACL control in the frontend section.
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    log 127.0.0.1 local2
    log-send-hostname
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    maxconn 30000
    user haproxy
    group haproxy
    daemon
    stats socket /var/lib/haproxy/stats
    ssl-default-bind-ciphers PROFILE=SYSTEM
    ssl-default-server-ciphers PROFILE=SYSTEM

#---------------------------------------------------------------------
# Defaults settings
#---------------------------------------------------------------------
defaults
    mode tcp
    log global
    maxconn 30000
    timeout queue 30s
    timeout client 300s
    timeout connect 20s
    timeout server 90s
    timeout check 10s
    retries 3
    option log-separate-errors

#---------------------------------------------------------------------
# Frontend settings
#---------------------------------------------------------------------
frontend front_in
    bind *:<PORT number>
    default_backend backend_servers
    acl allowed_ip src -f /etc/haproxy/ip.lst
    tcp-request connection reject if !allowed_ip

#---------------------------------------------------------------------
# Backend settings
#---------------------------------------------------------------------
backend backend_servers
    balance source
    server SERVER-01 <IPaddress>:<PORT> check
Sorry for my poor English. Could you please give us your advice?
Thank you very much for your kind support.
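
An added example, not part of the original post: the frontend above with the same ACL, shown first with the connection-level reject (which HAProxy does not log) and then with a content-level reject (which produces a log line). Adding `option tcplog` is an assumption here, chosen so the line carries the client address and termination state; the placeholders are the ones used in the post.

```haproxy
defaults
    mode tcp
    log global
    # Assumption (not in the post): use the detailed TCP log format so each
    # line includes the client IP:port, frontend name, timers and
    # termination state.
    option tcplog

frontend front_in
    bind *:<PORT number>
    acl allowed_ip src -f /etc/haproxy/ip.lst

    # Before (as posted): rejected at the connection layer. The connection
    # is dropped before a session is created, so it is only counted as a
    # "denied connection" in the stats and no log line is emitted.
    # tcp-request connection reject if !allowed_ip

    # After: rejected at the content layer. A session exists at this point,
    # so the rejection is logged like any other closed session. "src" is
    # known as soon as the connection is accepted, so no inspect-delay is
    # needed for this ACL.
    tcp-request content reject if !allowed_ip

    default_backend backend_servers
```

Content-level rejects cost a session each, so they are more expensive than connection-level rejects when many unwanted clients connect. If the connection-level rule is kept for that reason, the rejections remain visible as the `dcon` (denied connections) counter in `show stat` on the stats socket, but without per-IP detail.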