Restricting URLs to an IP range

Hey folks,

I’ve got three web servers balanced by two HAProxy servers that all need to be accessible to anyone on the internet. There’s an admin login page at a separate URL (essentially cloud.domain.com and cloud.domain.com/admin). I’d like that admin page only accessible by people on-prem or on our VPN (basically anyone with a 10...* address) to increase security.

I tried setting that to be true from the web servers themselves, but since all the connections are being made by the HAProxy servers (which sit on the 10...* subnet), it just passes all traffic along.

Has anyone had any experience with this? Thank you in advance :)

You should be able to use something like this. This is only based on the uri but you can write another acl to check the hostname if needed.

```
http-request deny if { path -i -m beg /admin } !{ src -f /etc/hapee-2.8/whitelist.lst }
```

```
:/etc/hapee-2.8$ cat /etc/hapee-2.8/whitelist.lst
17.1.1.1/32
17.1.1.2/32
1.1.0.0/16
```
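An added example, not part of the original posts and not HAProxy code: a small Python model of the deny rule above, for checking what an allowlist file would let through before it is deployed. The 10.0.0.0/8 entry (standing in for the on-prem/VPN range), the 203.0.113.x client addresses and all function names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed allowlist, one entry per line like whitelist.lst.
# 10.0.0.0/8 is an assumed stand-in for the internal/VPN range.
SAMPLE_ALLOWLIST = """\
# internal and VPN clients
10.0.0.0/8

17.1.1.1/32
"""

def load_allowlist(text):
    """Parse entries as HAProxy reads a -f pattern file:
    blank lines and lines beginning with '#' are ignored."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def is_denied(src, request_target, allowlist, prefix="/admin"):
    """Model of: deny if { path -i -m beg /admin } !{ src -f <file> }"""
    path = urlsplit(request_target).path      # 'path' excludes the query string
    path_matches = path.lower().startswith(prefix.lower())  # -i -m beg
    addr = ipaddress.ip_address(src)
    src_allowed = any(addr in net for net in allowlist)
    return path_matches and not src_allowed

def audit(cases, allowlist):
    """Return (src, target, verdict) for each constructed request."""
    return [(s, t, "DENY" if is_denied(s, t, allowlist) else "pass")
            for s, t in cases]

if __name__ == "__main__":
    allow = load_allowlist(SAMPLE_ALLOWLIST)
    cases = [  # constructed requests
        ("10.20.30.40", "/admin"),
        ("203.0.113.9", "/admin"),
        ("203.0.113.9", "/Admin/login?next=/"),
        ("203.0.113.9", "/administrator"),  # prefix match covers this too
        ("203.0.113.9", "/"),
    ]
    for row in audit(cases, allow):
        print(*row)
```

Because `-m beg` is a prefix match, any public path that merely starts with `/admin` is restricted as well, which the `/administrator` case shows.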

That’s worked perfectly, thank you so much!