HAproxy-devel and multiple ACL's
I have started using HAproxy-devel as a reverse HTTP/HTTPS proxy since I've had several problems with squid reverse.
I like HAproxy a lot and had no problems getting it to work (listening on loopback).
But I have some issues tightening security. I don't want an open proxy but would like to specifically only allow certain hostname/path combinations. But I can't seem to do both in one ACL. Example:
I only want to allow access to https://host.domain.com/owa on my Exchange, but I can't do that in one ACL. If I make two ACLs, the hostname ACL will give me access to the root folder (and any other folders on the server).
How can I secure that properly? I was thinking: use the regex ACL, but I can't seem to get a proper syntax working...
Could anyone post a bunch of config examples from the GUI that would solve my problem?
If you add the two ACLs with the same ACL name, they will be combined. This should produce the wanted result.
Would look like this:
Result would be this for the ACL name "MyAclCombined1" (didn't check if below config works):
acl 0_MyAclCombined1 hdr(host) -i vhost1.pfsense.local
acl 1_MyAclCombined1 path_beg -i /test/
use_backend test_http if 0_MyAclCombined1 1_MyAclCombined1
If you want more advanced combinations of ACLs, however, I think you will need to write them in one of the passthrough sections as 'text'.
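A raw haproxy.cfg sketch of the host-plus-path allowlist asked about above, as an added example that is not part of either post and is not output from the pfSense GUI. The section names (fe_https, be_exchange), certificate and CA paths, and the server address are placeholders; host.domain.com and /owa come from the question.

```haproxy
# Added example. Placeholder names, paths and addresses throughout.
frontend fe_https
    mode http
    bind 127.0.0.1:443 ssl crt /etc/haproxy/certs/site.pem

    # Host header may arrive with an explicit port, so list both forms.
    acl host_owa hdr(host) -i host.domain.com host.domain.com:443

    # In haproxy.cfg, repeating an ACL name ORs its patterns:
    # /owa exactly, or anything under /owa/.
    # A bare "path_beg -i /owa" would also match /owa-other or /owafoo.
    acl path_owa path -i /owa
    acl path_owa path_beg -i /owa/

    # HAProxy matches the path as sent and does not resolve dot segments,
    # so /owa/../other would pass path_beg. Assumption: rejecting any
    # ".." or "%2e" in the path is acceptable for this site.
    acl path_dots path_sub -i .. %2e

    # Weak form: host alone exposes the root and every other folder.
    #   use_backend be_exchange if host_owa

    # ACLs listed side by side in a condition are ANDed.
    # Explicit default deny (403) for everything not on the allowlist.
    http-request deny if path_dots
    http-request deny unless host_owa path_owa

    # No default_backend on purpose: nothing is routed unless both match.
    use_backend be_exchange if host_owa path_owa

backend be_exchange
    mode http
    server exch1 192.0.2.10:443 ssl verify required ca-file /etc/haproxy/ca.pem
```

Requests for `/`, `/ecp` or a different Host header get a 403 from the proxy and never reach the backend; checking those three cases with a client after a reload confirms the allowlist is in effect.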