Otdfbt

How to learn Linux system internals

A map of non-pathological topology?

I have a problematic assistant manager, but I can't fire him

Explain the ending of Black Mirror's "Smithereens"

Excel division by 0 error when trying to average results of formulas

Is it expected that a reader will skip parts of what you write?

How to safely destroy (a large quantity of) valid checks?

Which is the better way to call a method that is only available to one class that implements an interface but not the other one?

Should I refuse being named as co-author of a bad quality paper?

How can I end combat quickly when the outcome is inevitable?

What is the color of artificial intelligence?

How to hide rifle during medieval town entrance inspection?

Electricity free spaceship

Which languages would be most useful in Europe at the end of the 19th century?

Fundamental group of the real projective plane and its universal cover

Is it possible for a vehicle to be manufactured without a catalytic converter?

Should I put programming books I wrote a few years ago on my resume?

How to communicate to my GM that not being allowed to use stealth isn't fun for me?

Bb13b9 confusion

How can I deal with uncomfortable silence from my partner?

Is it possible to have a wealthy country without a middle class?

Scientist couple raises alien baby

What does 思ってやっている mean?

How do free-speech protections in the United States apply in public to corporate misrepresentations?

Blocking client IP in HAProxy

mod_evasive behind HAPROXYBlocking the port using HaproxyHAProxy URL Introspectionhaproxy and forwarding client IP address to servershaproxy transparent mode on 14.04HAProxy not forwarding client headersHAProxy configuration for blocking IPs for sub URLsIs HAProxy (1.7.5) logging synchronous (i.e. blocking) or asynchronous (i.e. non-blocking)?Regular expression to restrict URL in HAProxyStuck at setting up full proxy with HAProxy

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

1

I need to block certain client IP address say 1.2.3.4 and 2.3.4.5 to access "example.com/abc/def", but both can access example.com/.

The client IPs are behind the CloudFlare.

Client IP ==> CloudFlare ==> HAProxy

haproxy

share|improve this question

asked Jan 9 '17 at 23:02

ArvindArvind

64

add a comment | 

1

I need to block certain client IP address say 1.2.3.4 and 2.3.4.5 to access "example.com/abc/def", but both can access example.com/.

The client IPs are behind the CloudFlare.

Client IP ==> CloudFlare ==> HAProxy

haproxy

share|improve this question

asked Jan 9 '17 at 23:02

ArvindArvind

64

add a comment | 

I need to block certain client IP address say 1.2.3.4 and 2.3.4.5 to access "example.com/abc/def", but both can access example.com/.

The client IPs are behind the CloudFlare.

Client IP ==> CloudFlare ==> HAProxy

haproxy

share|improve this question

asked Jan 9 '17 at 23:02

ArvindArvind

64

share|improve this question

asked Jan 9 '17 at 23:02

ArvindArvind

64

share|improve this question

asked Jan 9 '17 at 23:02

ArvindArvind

64

asked Jan 9 '17 at 23:02

ArvindArvind

64

asked Jan 9 '17 at 23:02

ArvindArvind

64

1 Answer
1

active

oldest

votes

0

Well basically first you need to define the acl. There you will specify the ip address or the CIDR you want to block.

acl block_ip src 1.2.3.4 32.42.51.62 45.56.67.7/16

Then another acl in which you will define the URL you want to restrict.

acl my_path path_beg -i /abc/def

then just use both the acl to block the user on that particular path

block if block_ip my_path

here you can find more info on this.

share|improve this answer

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f825193%2fblocking-client-ip-in-haproxy%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

0

Well basically first you need to define the acl. There you will specify the ip address or the CIDR you want to block.

acl block_ip src 1.2.3.4 32.42.51.62 45.56.67.7/16

Then another acl in which you will define the URL you want to restrict.

acl my_path path_beg -i /abc/def

then just use both the acl to block the user on that particular path

block if block_ip my_path

here you can find more info on this.

share|improve this answer

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612

add a comment | 

0

Well basically first you need to define the acl. There you will specify the ip address or the CIDR you want to block.

acl block_ip src 1.2.3.4 32.42.51.62 45.56.67.7/16

Then another acl in which you will define the URL you want to restrict.

acl my_path path_beg -i /abc/def

then just use both the acl to block the user on that particular path

block if block_ip my_path

here you can find more info on this.

share|improve this answer

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612

add a comment | 

Well basically first you need to define the acl. There you will specify the ip address or the CIDR you want to block.

acl block_ip src 1.2.3.4 32.42.51.62 45.56.67.7/16

Then another acl in which you will define the URL you want to restrict.

acl my_path path_beg -i /abc/def

then just use both the acl to block the user on that particular path

block if block_ip my_path

here you can find more info on this.

share|improve this answer

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612

acl block_ip src 1.2.3.4 32.42.51.62 45.56.67.7/16

acl my_path path_beg -i /abc/def

block if block_ip my_path

share|improve this answer

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612

answered Jan 10 '17 at 6:57

Gaurav PundirGaurav Pundir

988612