Tuesday, November 28, 2017

HAProxy stats question

In the HAProxy stats service(?) is it possible to restrict access to the stats page by source IP address? Here is the relevant config in haproxy.cfg:

listen stats bind *:1936 stats enable stats uri / stats hide-version stats auth X:Y 

I've tried using an ACL like this:

 mode tcp acl network_allowed src 192.168.1.1 tcp-request connection reject if !network_allowed 

but I can't connect to the stats page at all with the above. Is what I am attempting possible? I would like to keep the "security" of this configuration inside the haproxy config if possible, but if I have to I will restrict with iptables.



No comments:

Post a Comment