Netgate Discussion Forum

HaProxy with custom ACL

  • Rupesh
    last edited by Rupesh Apr 29, 2021, 1:50 PM Apr 29, 2021, 1:46 PM

    HaProxy with custom ACL

    pfSense 2.5.1 with HAProxy and pfBlockerNG

    WAN side - One WAN interface on custom 44xxx port

    LAN side - One LAN interface with multiple services such as Nextcloud, several web applications and others, on multiple VMs (Hyper-V) ports.

    Based on the present configuration in HAProxy with a shared frontend on port 443, with ACL rules I am able to access my services externally using different No-IP hostnames (Let's Encrypt certificates).

    Problem -
    1 => I am unable to use aliases (domain names configured in firewall rules) as source IP matches IP or Alias to allow access from specific hosts (xyz.ddns.net), since as soon as my public IP changes I am unable to access the service.

    2 => Can I use aliases generated by pfBlockerNG, like allowing access from a certain country only?

    3 => How can I chain two conditions together, so that a website is accessible if and only if both conditions are true, such as: host must match and source IP or alias must match?

    4 => If I have manually set the same source IP or Alias (e.g. 11.22.33.44) for the abc.ddns.net hostname and source IP or Alias (e.g. 11.22.33.44) for the def.ddns.net hostname, then when trying to access def.ddns.net it always points to abc.ddns.net, which is surely unwanted, and this is why I want to chain ACL conditions together.

    Please help me out on this. I have been using pfSense for quite a while, but surely I do not have profound knowledge about HAProxy.
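
The chaining asked about in points 3 and 4, as an added example that is not part of the original post: in raw HAProxy configuration, ACL names listed one after another in a single `if` condition are ANDed, so each hostname gets its own rule that also requires the source match. The frontend and backend names, the internal server addresses and the omitted TLS bind options are assumptions; the hostnames and 11.22.33.44 are the placeholders from the post.

```haproxy
# Added example: host AND source must both match before a backend is chosen.
frontend shared_https                 # hypothetical frontend name
    mode http
    bind :443                         # TLS options (ssl crt ...) omitted here

    # One ACL per hostname. If clients connect on a non-default port,
    # the Host header carries ":port" and an exact match will not hit.
    acl host_abc hdr(host) -i abc.ddns.net
    acl host_def hdr(host) -i def.ddns.net

    # One ACL for the permitted client address (placeholder from the post).
    acl src_allowed src 11.22.33.44

    # Source-only rules reproduce the behaviour in point 4: rules are
    # evaluated in order and the first match wins, so every request from
    # 11.22.33.44 lands on the first backend regardless of hostname.
    #   use_backend be_abc if src_allowed
    #   use_backend be_def if src_allowed

    # Chained conditions: ACLs listed together are an implicit AND.
    use_backend be_abc if host_abc src_allowed
    use_backend be_def if host_def src_allowed

    # Anything that fails either test is refused instead of being routed.
    default_backend be_deny

backend be_abc                        # hypothetical backend, constructed address
    mode http
    server abc 192.0.2.10:8080

backend be_def                        # hypothetical backend, constructed address
    mode http
    server def 192.0.2.11:8080

backend be_deny
    mode http
    http-request deny deny_status 403
```

In the pfSense HAProxy package the same effect comes from giving the two ACLs distinct names and listing both names in the action's condition field.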
