Restrict Access to Internal Server for LAN clients only


I’m using HAProxy on my firewall (IPFire) for SSL termination, which works perfectly for some existing servers on the backend.

I’ve now set up a new internal server and am passing any https requests (from external) through HAProxy to this server. The basic setup works w/o any issues so far.

I wonder how to deny public access to this server and allow only LAN clients, while still using https requests to the server.

I know that HAProxy can use ACLs based on IP-address ranges, however, will internal clients still be able to use HAProxy’s SSL termination if such ACLs are in place?
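
An added example, not part of the original post: a sketch of an HAProxy frontend that terminates TLS for every client and then denies requests for the internal host unless the source address falls in the LAN range. The certificate path, hostnames, backend names, server addresses and the 192.168.1.0/24 range are all assumptions made for illustration.

```haproxy
# Constructed example configuration; every name and address is a placeholder.
frontend https_in
    mode http
    # TLS is terminated here for all clients, LAN and public alike.
    bind :443 ssl crt /etc/haproxy/certs/

    # Source-address ACL: true when the client IP seen by HAProxy is on the LAN.
    acl from_lan      src 192.168.1.0/24
    # Host-based ACL: true when the request targets the internal-only server.
    acl host_internal hdr(host) -i internal.example.com

    # Evaluated after the TLS handshake, on the decrypted HTTP request:
    # refuse the internal host to anything that is not a LAN client.
    http-request deny deny_status 403 if host_internal !from_lan

    use_backend internal_srv if host_internal
    default_backend public_srv

backend internal_srv
    mode http
    server internal1 192.168.1.50:8080

backend public_srv
    mode http
    server web1 192.168.1.10:8080
```

Because the `http-request` rule runs only after HAProxy has completed the TLS handshake, LAN clients that connect to this frontend are still served over HTTPS. The `src` match relies on HAProxy seeing the client's real LAN address, so it does not hold if the connection is source-NATed on the way to the proxy.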