Restricting URLs to an IP range

flea · October 25, 2023, 8:13pm

Hey folks,

I’ve got three web servers balanced by two HAProxy servers that all need to be accessible to anyone on the internet. There’s an admin login page at a separate URL (essentially cloud.domain.com and cloud.domain.com/admin). I’d like that admin page only accessible by people on-prem or on our VPN (basically anyone with a 10...* address) to increase security.

I tried setting that to be true from the web servers themselves, but since all the connections are being made by the HAProxy servers (which sit on the 10...* subnet), it just passes all traffic along.

Has anyone had any experience with this? Thank you in advance

randomguy · October 25, 2023, 9:05pm

You should be able to use something like this. This is only based on the uri but you can write another acl to check the hostname if needed.

http-request deny if { path -i -m beg /admin } !{ src -f /etc/hapee-2.8/whitelist.lst }

:/etc/hapee-2.8$ cat /etc/hapee-2.8/whitelist.lst
17.1.1.1/32
17.1.1.2/32
1.1.0.0/16

flea · October 25, 2023, 10:31pm

That’s worked perfectly, thank you so much!

Topic		Replies	Views
Stats page access restricted by IP for admin Help!	1	1266	April 6, 2021
Help needed: I am trying to use HAProxy to deny access from internet to a specific URL Help!	0	733	October 9, 2023
Haproxy to prevent access to all but selected URLs on a backend Help!	1	1570	April 27, 2019
Block Sub URL for all except list of few IPs Help!	2	7113	January 14, 2017
Haproxy acl to block ips and host header Help!	2	2474	December 17, 2020

Restricting URLs to an IP range

Related Topics