In the HAProxy stats service(?) is it possible to restrict access to the stats page by source IP address? Here is the relevant config in haproxy.cfg:
listen stats bind *:1936 stats enable stats uri / stats hide-version stats auth X:Y
I've tried using an ACL like this:
mode tcp acl network_allowed src 192.168.1.1 tcp-request connection reject if !network_allowed
but I can't connect to the stats page at all with the above. Is what I am attempting possible? I would like to keep the "security" of this configuration inside the haproxy config if possible, but if I have to I will restrict with iptables.
No comments:
Post a Comment