How to restrict access for a back-end just to the internal network


I have an HAProxy with more than twenty backends and I need to limit access to one specific backend, CP-API.MACKMIL.COM, to the following internal network subnets:

Currently, with the following query, this domain, CP-API.MACKMIL.COM, can be accessed from the outside world but I want to limit that.
curl -vvv -H'Host:'

My Haproxy config is as follows,

frontend http-https
bind :80 accept-proxy
bind :443 accept-proxy ssl crt /etc/pki/tls/private/ crt /etc/pki/tls/private/

acl host_cp  hdr(host) -i
acl host_cp  hdr(host) -i

use_backend app_cp   if host_cp

backend app_cp
server swarm-worker_10.10.30.199 check
server swarm-worker_10.10.40.114 check
server swarm-worker_10.20.40.159 check
server swarm-worker_10.20.30.190 check
server swarm-worker_10.30.40.143 check
server swarm-worker_10.30.40.161 check
server swarm-worker_10.40.40.107 check
server swarm-worker_10.40.40.107 check

I am struggling on applying this restriction in HTTP/HTTPS mode for just this endpoint. How can I apply this restrication for this backend?

Thank you very much in advance for your answers.

Put this in that backend:

acl internal_subnets src
acl internal_subnets src
acl internal_subnets src
acl internal_subnets src
http-request deny if ! internal_subnets
1 Like