Netgate Discussion Forum

HAProxy: Rules based on url?

    oguruma
    last edited by oguruma Jul 31, 2024, 11:29 PM Jul 31, 2024, 11:28 PM

    I have a CRM/ERP System called ERPNext behind my firewall.

    ERPNext includes a front-end website, as well as the backend for the business-specific applications.

    I'd like to restrict example.com/app/* (the backend for business users) to specific IP addresses (basically my LAN or VPN'd into the LAN), while if the destination is example.com/'anything-but-app'* (the website), it can accept connections from any IP address.

    Is this possible with HAProxy?

      viragomann @oguruma
      last edited by Aug 1, 2024, 1:44 PM

      @oguruma said in HAProxy: Rules based on url?:

      I'd like to restrict example.com/app/* (the backend for business users) to specific IP addresses (basically my LAN or VPN'd into the LAN), while if the destination is example.com/'anything-but-app'* (the website), it can accept connections from any IP address.

      These are two rules in fact. Do you really need both of them?

      Assuming it is sufficient to restrict access to example.com/app/*, you can do it this way:

      In Firewall > Aliases create an alias for the allowed networks, say AllowedNets.

      Then create an ACL, call it "AllowedNets", "Source IP matches IP or Aliases", check "Not" and state AllowedNets as value.

      If you also need to limit the rule to a certain host, create a "host matches" ACL and put example.com into the value box. Call it MyHost.

      Add an ACL, say "MyPath", "Path starts with" "/app/".

      Create an action "http-request deny", in the condition ACL box insert "MyHost MyPath AllowedNets" (all the ACLs you've created before, separated by spaces).
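
The GUI steps in the reply above correspond roughly to the following plain HAProxy configuration. This is an added, hand-written example, not part of either post and not the output of the pfSense HAProxy package; the frontend and backend names, addresses, networks and certificate path are placeholders. In plain HAProxy the "Not" checkbox is written as `!` in the condition rather than on the ACL itself.

```haproxy
# Constructed example: everything except the three ACL names from the
# reply (MyHost, MyPath, AllowedNets) is a placeholder.
frontend www_https
    mode http
    bind 203.0.113.10:443 ssl crt /etc/haproxy/certs/example.com.pem

    # "Host matches": apply the restriction to this site only.
    acl MyHost hdr(host) -i example.com

    # "Path starts with": the back end used by business users.
    acl MyPath path_beg /app/

    # "Source IP matches IP or Aliases": LAN and VPN networks
    # (placeholder ranges standing in for the AllowedNets alias).
    acl AllowedNets src 192.168.1.0/24 10.8.0.0/24

    # ACLs listed side by side are ANDed. The request is denied (403 by
    # default) when host and path match and the source is NOT allowed.
    http-request deny if MyHost MyPath !AllowedNets

    # Everything else, including the public website, is passed on.
    default_backend erpnext

backend erpnext
    mode http
    server erp1 192.168.1.50:8080 check
```

`path_beg /app/` matches only paths that begin with the full string `/app/`, so check whether the bare `/app` path also needs to be covered by the ACL. A hand-written file like this can be syntax-checked with `haproxy -c -f <file>` before it is loaded.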

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.