Your browser does not seem to support JavaScript. As a result, your viewing experience will be diminished, and you have been placed in read-only mode.

Please download a browser that supports JavaScript, or enable it if it's disabled (i.e. NoScript).

HAProxy Custom ACL with Firewall Alias now working

1 Posts 1 Posters 41 Views

Log in to reply

L

Laxarus
last edited by Laxarus
I am trying to use a rule to whitelist ips for a specific backend in my frontend.

Basically use the X backend, if the host matches xxx.com and ip is whitelisted in a pfsense defined ip alias list.

The problem is I am using the Cloudflare proxy and need to inspect the CF-Connecting-IP.

And to do that I am using Custom ACL like this
```
req.hdr(CF-Connecting-IP) -f /var/etc/haproxy/ipalias_Allowed_IPs.lst
```
The Alias is defined in the firewall named Allowed_IPs.

But this list does not get created unless I use something standard like "Source IP matches IP or IP Alias". Is there another way to refer to the created Aliases so that they are created properly?

The workaround for this is to create a dummy acl with "Source IP matches IP or IP Alias" that does nothing but it is not a good solution.

Edit: One more thing, I noticed is, when the alias list is updated, this does not get reflected to the HAProxy lists in /var/etc/haproxy/ until HAProxy is restarted.
1 Reply Last reply
Reply Quote 0

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.

1 / 1