Hi Guys,
I am creating a whitelist of subnets allowed to access HAPROXY during
maintenance. Basically I want to redirect everyone to our maintenance page
other than users in the whitelisted file.
Here is my config...
frontend https-in
bind *:443 ssl crt /etc/ssl/xxx.xxxx.com.chain.pem
reqadd X-Forwarded-Proto:https
reqadd X-Forwarded-Port:443
timeout client 600000
# Capture Headers
capture request header If-Modified-Since len 50
capture request header X-Forwarded-For len 50
acl whitelist hdr_ip(X-Forwarded-For) -f /etc/haproxy/whitelist.lst
redirect location http://www.mysite.com/maintenence if !whitelist
default_backend web
This is not working and is forwarding everyone to the maintenance page despite
being a member of a whitelisted subnet. (10.0.0.0/8)
Is using the hdr_ip(X-Forwarded-For) in the acl the way to go or is there a
better way to redirect everyone but a few whitelisted subnets?
Thanks in advance for any help you can offer.
John Dzialo | Linux System Administrator
Direct 203.783.8163 | Main 800.352.0050
Environmental Data Resources, Inc.
440 Wheelers Farms Road, Milford, CT 06461
www.edrnet.com<http://www.edrnet.com/> |
commonground.edrnet.com<http://commonground.edrnet.com/>
[Description: Description: Description: Description: Description:
EDR_logo4color_EDR_only_80px2]
