Netgate Discussion Forum

How to reject requested path without getting to webserver with HaProxy

Cache/Proxy
  • L
    LakeWorthB
    last edited by Sep 20, 2020, 1:48 AM

    I am using HaProxy, and I would like to reject a requested path, but not have any request go to the webserver. It seems that the path options add an http-request test, which ends up going to the server at least for a hit, even when returning an error. If I try adding a tcp-request deny rule, I get this error: "a 'tcp-request' rule placed after an 'http-request' rule will still be processed before." because the http-request rule is used to get the path. What is the best way to do this?

    Thanks.

    • D
      Derelict LAYER 8 Netgate
      last edited by Sep 20, 2020, 4:49 AM

      What do you want to be sent back to the web client?

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • L
        LakeWorthB @Derelict
        last edited by Sep 20, 2020, 10:32 AM

        @Derelict either no response, or 403.

        • D
          Derelict LAYER 8 Netgate
          last edited by Sep 20, 2020, 3:12 PM

          So match the URL and use http-request deny in the frontend.

          https://www.haproxy.com/blog/introduction-to-haproxy-acls/


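The approach suggested in the last reply (match the path, then `http-request deny` in the frontend), written out as an added example that is not part of the original thread or anyone's production config. The frontend and backend names, the `/private` path and the server address are constructed for illustration.

```haproxy
# Added example; names, addresses and the /private path are constructed.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend www_in
    bind :80

    # Match on the URL-decoded path so /%70rivate is caught as well as /private.
    # -i makes the comparison case-insensitive.
    acl blocked_path path,url_dec -m beg -i /private

    # Frontend http-request rules are evaluated before a backend is selected,
    # so a denied request is answered by HAProxy itself (403) and no
    # connection to the web server is opened for it.
    http-request deny deny_status 403 if blocked_path

    # Alternative for "no response": drop the connection without replying.
    # Use instead of the deny line above, not in addition to it.
    # http-request silent-drop if blocked_path

    default_backend web_servers

backend web_servers
    server web1 192.0.2.10:8080
```

The path is only available once the HTTP request has been parsed, which is why the rule is an `http-request` rule rather than a `tcp-request` one. `haproxy -c -f <file>` checks the configuration before it is loaded.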
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.