HAproxy-devel and multiple ACL's



  • Hi

    I have started using HAproxy-devel as a reverse HTTP/HTTPS proxy since I've had several problems with squid reverse.

    I like HAproxy a lot and had no problems getting it to work (listening on loopback).

    But I have some issues tightening security. I don't want an open proxy but would like to specifically only allow certain hostname/path combinations. But I can't seem to do both in one ACL. Example:

    I only want to allow access to https://host.domain.com/owa on my Exchange, but I can't do that in one ACL. If I make two ACLs, the hostname ACL will give me access to the root folder (and any other folders on the server).
    How can I secure that properly? I was thinking: use the regex ACL, but I can't seem to get a proper syntax working...

    Could anyone post a bunch of config examples from the GUI that would solve my problem?

    -Keyser



  • If you add the two ACLs with the same ACL name, they will be combined. This should produce the wanted result.

    Would look like this:
    Result would be this for the ACL name "MyAclCombined1" (didn't check if the config below works):

        acl 0_MyAclCombined1 hdr(host) -i vhost1.pfsense.local
        acl 1_MyAclCombined1 path_beg -i /test/
        use_backend test_http if 0_MyAclCombined1 1_MyAclCombined1

    If you want more advanced combinations of ACLs, however, I think you will need to write them in one of the passthrough sections as 'text'.
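
The host-plus-path restriction asked about in this thread, written as plain haproxy.cfg text with a default deny. This is an added example, not configuration posted by either participant or generated by the pfSense GUI; the section names, the 192.0.2.x addresses and the certificate paths are assumptions.

```haproxy
# Added example. fe_exchange, be_exchange, exch1, the addresses and the
# certificate paths are placeholders, not values from the thread.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_exchange
    bind 192.0.2.1:443 ssl crt /etc/haproxy/certs/example.pem

    # Exact, case-insensitive match on the Host header. A Host value that
    # carries a port ("host.domain.com:443") does not match and is denied.
    acl host_owa hdr(host) -i host.domain.com

    # "path_beg -i /owa" would also accept /owa-anything-else, so anchor the
    # prefix: /owa itself or anything below /owa/.
    acl path_owa path_reg -i ^/owa(/|$)

    # Weak form: two independent rules behave as an OR, so the host ACL alone
    # opens every path on the server (the problem described in the question).
    #   use_backend be_exchange if host_owa
    #   use_backend be_exchange if path_owa

    # ACLs listed together in one condition are ANDed. Everything that is
    # not host AND path is rejected with a 403 before backend selection.
    http-request deny unless host_owa path_owa
    use_backend be_exchange if host_owa path_owa
    # No default_backend on purpose: nothing falls through to the server.

backend be_exchange
    server exch1 192.0.2.10:443 ssl verify required ca-file /etc/haproxy/certs/internal-ca.pem
```

Running `haproxy -c -f <file>` checks the syntax before the configuration is loaded.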

