Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Can i whitelist ip addresses before passing https traffic to haproxy?

    Scheduled Pinned Locked Moved pfSense Packages
    10 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      justinxa
      last edited by

      Hi ,

      I have haproxy configured on my firewall. Can i whitelist ip addresses before passing https traffic to haproxy? Could someone please guide ?

      Regards,
      Justin X.

      1 Reply Last reply Reply Quote 0
      • bepoB
        bepo
        last edited by

        @justinxa said in Can i whitelist ip addresses before passing https traffic to haproxy?:

        I have haproxy configured on my firewall. Can i whitelist ip addresses before passing https traffic to haproxy? Could someone please guide ?
        Regards,
        Justin X.

        What do you mean with whitelist? You can configure a firewall rule on your haproxy interface (WAN?) to allow only special ip addresses.

        Please use the thumbs up button if you received a helpful advice. Thank you!

        1 Reply Last reply Reply Quote 0
        • J
          justinxa
          last edited by

          Thanks for the reply,

          My main issue is that i am unable to add headers to ssl mode traffic at the haproxy Frontend. How can i achieve that? Because after the traffic passes, post backend then i am not able to get the original source ipaddres. It only returns the LAN ipv4 address of the F/W interface. All response and support are appreciated.

          Regards,
          Justin

          bepoB 1 Reply Last reply Reply Quote 0
          • bepoB
            bepo @justinxa
            last edited by

            @justinxa if you need the original source address, please enable the "forwardfor" option under Advanced settings in your Frontend configuration.

            Please use the thumbs up button if you received a helpful advice. Thank you!

            1 Reply Last reply Reply Quote 0
            • J
              justinxa
              last edited by

              @bepo Thanks for the response. The advanced settings for the frontend configuration is as shown in the snap. 0_1548757986776_8e4bfcc1-2207-48bf-a287-2e0fe2a8b3a8-image.png

              But i cant find that forwardfor option. Could you please guide me here? Thanks.

              Regards,
              Justin X.

              bepoB 1 Reply Last reply Reply Quote 0
              • bepoB
                bepo @justinxa
                last edited by

                @justinxa strange. It should be located in this setting.

                https://sysadms.de/wp-content/uploads/2018/10/httpsfrontend.png
                (https://sysadms.de/2018/10/pfsense-haproxy-als-reverse-proxy/)

                Here you can see this setting. Maybe you should check the other settings an why this checkbox is missing.

                Kind regards

                Please use the thumbs up button if you received a helpful advice. Thank you!

                1 Reply Last reply Reply Quote 0
                • bepoB
                  bepo
                  last edited by

                  I got it. You should use the (http / https offloading) setting in the Edit HAProxy Frontend section.

                  0_1548758889593_4c959562-22e5-470d-aa43-0ad2b1a47ed5-image.png

                  Please use the thumbs up button if you received a helpful advice. Thank you!

                  1 Reply Last reply Reply Quote 0
                  • J
                    justinxa
                    last edited by

                    @bepo Thanks for the response.

                    Let me try this option again. Previously i had tried http/https option before ssl/https mode. but i wasnt able to configure it properly.

                    Regards,
                    Justin X.

                    J 1 Reply Last reply Reply Quote 0
                    • J
                      justinxa @justinxa
                      last edited by

                      @bepo Thanks bepo it really solved my issue

                      1 Reply Last reply Reply Quote 0
                      • bepoB
                        bepo
                        last edited by

                        Nice! I am happy that this helped you! :-)
                        Please dont forget to upvote 🐕

                        Please use the thumbs up button if you received a helpful advice. Thank you!

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.