Hi,
I have an HAProxy with more than twenty backends and I need to limit access to one specific backend, CP-API.MACKMIL.COM, to the following internal network subnets:
10.10.0.0/16
10.20.0.0/16
10.30.0.0/16
10.40.0.0/16
Currently, with the following query, this domain, CP-API.MACKMIL.COM, can be accessed from the outside world, but I want to limit that.
curl -vvv -H'Host: cp-api.mackmil.com' https://api.mackmil.com/initializations
My HAProxy config is as follows:
frontend http-https
    bind :80 accept-proxy
    bind :443 accept-proxy ssl crt /etc/pki/tls/private/wildcard.mackmil.com.pem crt /etc/pki/tls/private/wildcard.mackmil.de.pem
    acl host_cp hdr(host) -i cp-api.mackmil.com
    acl host_cp hdr(host) -i cp-api.prod.mackmil.com
    use_backend app_cp if host_cp

backend app_cp
    server swarm-worker_10.10.30.199 10.10.30.199:64042 check
    server swarm-worker_10.10.40.114 10.10.40.114:64042 check
    server swarm-worker_10.20.40.159 10.20.40.159:64042 check
    server swarm-worker_10.20.30.190 10.20.30.190:64042 check
    server swarm-worker_10.30.40.143 10.30.40.143:64042 check
    server swarm-worker_10.30.40.161 10.30.40.161:64042 check
    server swarm-worker_10.40.40.107 10.40.40.107:64042 check
    server swarm-worker_10.40.40.107 10.40.40.107:64042 check
I am struggling to apply this restriction in HTTP/HTTPS mode for just this endpoint. How can I apply this restriction for this backend?
Thank you very much in advance for your answers.
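
One way to apply the restriction asked about above, shown as an added example that is not part of the original post. The ACL name internal_net is an assumption; the subnets, backend name and server lines come from the question. Putting the rule in the backend rather than the frontend means it applies however a request is routed to app_cp.

```haproxy
backend app_cp
    # Internal subnets listed in the question. "internal_net" is a
    # name chosen for this example.
    acl internal_net src 10.10.0.0/16 10.20.0.0/16 10.30.0.0/16 10.40.0.0/16

    # Reject (403 by default) any request whose source address is not
    # in one of the internal subnets. Because this sits in the backend,
    # it covers every use_backend / default_backend path into app_cp,
    # including requests that reach it via a crafted Host header as in
    # the curl command from the question.
    http-request deny unless internal_net

    # With "accept-proxy" on the frontend binds, "src" is the client
    # address taken from the PROXY protocol header, not the address of
    # the upstream load balancer. The check is therefore only as
    # trustworthy as the component that sends that header, so only that
    # component should be able to connect to ports 80 and 443 here.

    server swarm-worker_10.10.30.199 10.10.30.199:64042 check
    server swarm-worker_10.10.40.114 10.10.40.114:64042 check
    # ... remaining server lines unchanged from the question
```

The configuration can be syntax-checked with `haproxy -c -f <config file>` before reloading.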