I’m using HAProxy on my firewall (IPFire) for SSL termination which works perfectly for some existing servers on backend.
I’ve now setup a new internal server and passing any https requests (from external) through HAProxy to this server. The basic setup works w/o any issues so far.
I wonder how to deny public access to this server and allow only LAN clients, while still using https requests to the server.
I know that HAProxy can use ACLs based on IP-address ranges, however, will internal clients still be able to use HAProxy’s SSL termination if such ACLs are in place?