First of all I have to thank you for HAProxy. I also want to explain, that this is a crosspost - the other post is here (https://serverfault.com/questions/988721/require-a-http-authentication-only-for-connections-from-outside-my-lan-in-haprox) but didn’t receive an answer yet so I thought I might ask in a community that is more specialised!
My frontend contains these lines to require a HTTP authentication
# Authentication acl ValidOctoPrintUser http_auth(OctoPrintUsers) http-request auth realm octoprint if !ValidOctoPrintUser
Now I want this authentication only for connections from outside of my LAN. Inside my LAN access should be granted without authentication.
I succeeded to do this for a single IP address like this:
# Authentication acl ValidOctoPrintUser http_auth(OctoPrintUsers) # Exclude internal IPs from Authentication acl InternalIP src -i 192.168.0.123 http-request auth realm octoprint if !InternalIP !ValidOctoPrintUser
However, I cannot achieve to do this for a range of IP addresses (like 192.168.0.[100-250] or a little less specific 192.168.0.*).
Can you point me a way to to this? Or is there even a better way to identify requests coming from inside my LAN?