Last active
August 29, 2015 14:18
haproxy - deny connection from domain, but not if from this IP
```
global
    log 127.0.0.1 syslog info
    daemon
    user haproxy
    group haproxy
    maxconn 64000
    spread-checks 4
    tune.ssl.default-dh-param 2048

defaults
    log global
    timeout connect 30000ms
    maxconn 64000
    timeout client 900000ms
    timeout server 900000ms

frontend http-in
    mode http
    bind :80
    option httplog
    option forwardfor
    #########################################################
    # deny connections from *-int.domain.com
    # except those from IP 10.20.30.40
    #
    #acl int-domaincom hdr(host) -i -- *-int.domain.com
    #acl int-tentwenty src 10.20.30.40
    #http-request deny if int-domaincom
    #http-request deny unless int-tentwenty
    acl int-tenthirty src 10.30.0.126
    # hdr(host) compares the whole string, so "*" is not a wildcard; match the suffix instead
    acl int-domaincom hdr_end(host) -i -- -int.domain.com
    # one rule with both conditions; two separate deny rules reject every request from other IPs
    http-request deny if int-domaincom !int-tenthirty
    #########################################################
    reqadd X-Forwarded-Proto:\ http
    default_backend http-routers

backend http-routers
    mode http
    balance roundrobin
    server node41 10.20.30.41:80 check inter 1000
    server node42 10.20.30.42:80 check inter 1000
```
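A Python model of the rule logic, added here as an illustration and not part of the original gist: it compares two sequential deny rules (`deny unless` the source ACL, then `deny if` an exact Host match) with a single combined condition that uses a suffix match. The function names and sample requests are constructed for the example; the IP and domain suffix are the ones in the config.

```python
import ipaddress

ALLOWED_SRC = ipaddress.ip_network("10.30.0.126/32")  # value of the int-tenthirty ACL
SUFFIX = "-int.domain.com"                            # suffix from the int-domaincom ACL

def host_exact(host):
    # hdr(host) -i: case-insensitive match on the whole string; "*" is a literal character
    return host.lower() == "*" + SUFFIX

def host_suffix(host):
    # hdr_end(host) -i: case-insensitive suffix match
    return host.lower().endswith(SUFFIX)

def src_allowed(src):
    return ipaddress.ip_address(src) in ALLOWED_SRC

def two_rules(src, host):
    """deny unless int-tenthirty, then deny if int-domaincom (exact match)."""
    if not src_allowed(src):
        return "deny"   # the first matching deny ends rule evaluation
    if host_exact(host):
        return "deny"
    return "allow"

def one_rule(src, host):
    """deny if int-domaincom !int-tenthirty, with a suffix match on Host."""
    if host_suffix(host) and not src_allowed(src):
        return "deny"
    return "allow"

# Constructed sample requests: (source IP, Host header)
SAMPLES = [
    ("10.30.0.126", "app-int.domain.com"),  # allowed IP, internal host
    ("203.0.113.7", "app-int.domain.com"),  # other IP, internal host
    ("203.0.113.7", "www.domain.com"),      # other IP, public host
    ("203.0.113.7", "APP-INT.DOMAIN.COM"),  # case variation
]

def compare():
    return [(s, h, two_rules(s, h), one_rule(s, h)) for s, h in SAMPLES]

if __name__ == "__main__":
    for src, host, old, new in compare():
        print(f"{src:<13} {host:<20} two-rules={old:<6} one-rule={new}")
```

The third sample is the one that differs: the two-rule form denies a public host to every client outside the allowed IP. A Host header that carries an explicit port (for example `app-int.domain.com:80`) does not end in the suffix, so it would need its own handling.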