Netgate Discussion Forum

    HAproxy-devel and multiple ACL's

    pfSense Packages
    • keyser Rebel Alliance

      Hi

      I have started using HAproxy-devel as a reverse HTTP/HTTPS proxy since I've had several problems with squid reverse.

      I like HAproxy a lot and had no problems getting it to work (listening on loopback).

      But I have some issues tightening security. I don't want an open proxy but would like to specifically only allow certain hostname/path combinations. But I can't seem to do both in one ACL. Example:

      I only want to allow access to https://host.domain.com/owa on my Exchange, but I can't do that in one ACL. If I make two ACLs, the hostname ACL will give me access to the root folder (and any other folders on the server).
      How can I secure that properly? I was thinking: use the regex ACL, but I can't seem to get a proper syntax working…

      Could anyone post a bunch of config examples from the GUI that would solve my problem?

      -Keyser

      Love the no fuss of using the official appliances :-)

      • PiBa

        If you add the two ACLs with the same ACL name, they will be combined. This should produce the wanted result.

        Would look like this:
        Result would be this for the ACL name "MyAclCombined1" (didn't check if the config below works):
        acl        0_MyAclCombined1  hdr(host) -i vhost1.pfsense.local
        acl        1_MyAclCombined1  path_beg -i /test/
        use_backend      test_http if 0_MyAclCombined1 1_MyAclCombined1
        If you want more advanced combinations of ACLs, however, I think you will need to write them in one of the passthrough sections as 'text'.
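
A hand-written haproxy.cfg fragment for the host-plus-path allow-list discussed above, with the weak form shown beside the corrected one. This is an added example, not part of either post and not output of the pfSense package; the names fe_https, be_exchange, host_owa, path_owa, exch1, the file paths and the backend address are assumptions, while host.domain.com and /owa come from the question.

```haproxy
# Added example: allow only https://host.domain.com/owa, refuse everything else.
# Section names, ACL names, file paths and the server address are placeholders.

frontend fe_https
    mode http
    bind 127.0.0.1:443 ssl crt /path/to/cert.pem    # placeholder certificate

    # Weak form (do not use): each use_backend line is evaluated on its own,
    # so a matching Host header alone is enough to reach every path on the
    # server, which is the problem described in the question.
    #   use_backend be_exchange if host_owa
    #   use_backend be_exchange if path_owa

    # Clients may send the Host header with an explicit port; list both
    # forms so the match stays exact.
    acl host_owa hdr(host) -i host.domain.com host.domain.com:443

    # In raw haproxy.cfg, repeating an ACL name ORs its patterns.
    # "path_beg /owa" on its own would also match /owaXYZ, so match the
    # bare directory exactly, or anything below /owa/.
    acl path_owa path     -i /owa
    acl path_owa path_beg -i /owa/

    # ACLs written side by side in one condition are ANDed.
    # Reject any request that is not the allowed host AND path pair.
    http-request deny unless host_owa path_owa

    use_backend be_exchange if host_owa path_owa
    # No default_backend on purpose: nothing is proxied without a match.

backend be_exchange
    mode http
    # 192.0.2.10 is a documentation address standing in for the real server.
    server exch1 192.0.2.10:443 ssl verify required ca-file /path/to/ca.pem
```

Running `haproxy -c -f <file>` checks the syntax before the fragment goes into a passthrough section; requests for `/`, `/owaXYZ` or an unlisted Host should then come back as 403 rather than reaching the backend.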

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.