HAproxy-devel and multiple ACLs
-
Hi
I have started using HAproxy-devel as a reverse HTTP/HTTPS proxy since I've had several problems with squid reverse.
I like HAproxy a lot and had no problems getting it to work (listening on loopback).
But I have some issues tightening security. I don't want an open proxy but would like to specifically only allow certain hostname/path combinations. But I can't seem to do both in one ACL. Example:
I only want to allow access to https://host.domain.com/owa on my Exchange, but I can't do that in one ACL. If I make two ACLs, the hostname ACL will give me access to the root folder (and any other folders on the server).
How can I secure that properly? I was thinking: use the regex ACL, but I can't seem to get a proper syntax working... Could anyone post a bunch of config examples from the GUI that would solve my problem?
-Keyser
-
If you add the two ACLs with the same ACL name, they will be combined. This should produce the wanted result.
Would look like this:
The result would be this for the ACL name "MyAclCombined1" (didn't check if the below config works):
acl 0_MyAclCombined1 hdr(host) -i vhost1.pfsense.local
acl 1_MyAclCombined1 path_beg -i /test/
use_backend test_http if 0_MyAclCombined1 1_MyAclCombined1
If you want more advanced combinations of ACLs, however, I think you will need to write them in one of the passthrough sections as 'text'.
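
The host-plus-path restriction discussed in this thread, written out as a hand-written HAProxy frontend; this is an added example, not configuration posted by either participant or generated by the pfSense GUI. The frontend and backend names, IP addresses and file paths are constructed placeholders; only the hostname and the /owa path come from the question.

```haproxy
# Constructed example: fe_https, bk_exchange, the 192.0.2.x addresses and
# the certificate/CA paths are placeholders, not values from the thread.
frontend fe_https
    mode http
    bind 192.0.2.10:443 ssl crt /etc/ssl/private/example.pem

    # Host header may arrive with or without the port; several patterns
    # on one acl line are ORed together.
    acl host_owa hdr(host) -i host.domain.com host.domain.com:443

    # Anchored regex: matches /owa and /owa/..., but not /owa-backup or /.
    # A plain "path_beg -i /owa" would also match /owa-backup.
    acl path_owa path_reg -i ^/owa(/|$)

    # Too permissive (left commented out): a rule on the host ACL alone
    # exposes the root folder and every other path on the server.
    #   use_backend bk_exchange if host_owa

    # ACLs listed on the same line are ANDed, so both must match.
    # Anything that is not this exact host/path combination gets a 403.
    http-request deny unless host_owa path_owa
    use_backend bk_exchange if host_owa path_owa

    # No default_backend on purpose: nothing is proxied unless a rule
    # above selected a backend explicitly.

backend bk_exchange
    mode http
    # Verify the internal server certificate against a private CA.
    server exch1 192.0.2.20:443 ssl verify required ca-file /etc/ssl/certs/internal-ca.pem
```

Running `haproxy -c -f` against the file checks the syntax before the configuration is loaded.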