haproxy to deny access based on url and ip addresses -

-

i'm running haproxy 1.6.8 , want restrict access web's admin login whitelist of ip addresses. can't figure out how properly.

frontend main mode http bind 0.0.0.0:80 acl admin_page path_beg,url_dec -i /admincp acl whitelist src 10.0.0.0/8

my intention use:

http-request deny admin_page unless whitelist

but haproxy check complaints incorrect , can't this.

what's thought?

acl admin_page path_beg,url_dec -i /admincp

this might (?) valid, if is... don't it. there magic taste, passing *_beg through converter. following feels better, safer solution part.

acl admin_page path,url_dec -m beg -i /admincp

take path fetch, run through url_dec (url-unescape) converter, case-insensitive -i match of pattern against beginning -m beg of resulting string.

then, need correct syntax , logic apply it.

http-request deny if admin_page !whitelist

the "and" between 2 acls implicit, , second negated, deny request if request matches admin_page acl , not whitelist acl.


Comments

Post a Comment

Popular posts from this blog

mysql - Dreamhost PyCharm Django Python 3 Launching a Site -

-
i'm new python/django , created simple django website using pycharm. site works fine running on computer, i'm lost when comes taking site onto host (dreamhost). i'm able upload files correct directories fine, , believe made correct changes database on mysql. i'm not sure go there though. right now, page shows files rather site. direction appreciated. much! you should not run django application using python manage.py runserver on production. how run application on django depends on server (apache, nginx) want use for apache - https://docs.djangoproject.com/en/1.10/howto/deployment/wsgi/modwsgi/ for nginx - https://www.digitalocean.com/community/tutorials/how-to-serve-django-applications-with-uwsgi-and-nginx-on-ubuntu-14-04 the mysql database should, of course, exist , have correct credentials. or, if choose use sqlite, file should accessible, readable , writable www-user (may different depending on linux distributive)
Read more

java - Sending SMS with SMSLib and Web Services -

-
i have made rest web service send smss using hsdpa usb modem. using smslib in java send smss. every time web service invoked, create gateway start service, send message, stop service , remove gateway. takes 20 seconds each message. found starting service takes lot of time. part of code use send smss service.getinstance().addgateway(gateway); service.getinstance().startservice(); outboundmessage msg = new outboundmessage(phonenumber, message); if (service.getinstance().sendmessage(msg)) { result = "message sent successfully!!"; } else { result = "could not send message."; } service.getinstance().stopservice(); service.getinstance().removegateway(gateway);//remove gateway is there way can start service once if not started , use send message when ever web service invoked? why dont group messages , send in 1 go? service.getinstance().sendmessages(messa...
Read more

php - What are the best practices for creatiang a "settings" model in Laravel 5? -

-
this first project using laravel (i'm starting 5.2). i'm building self managed website. there's admin should save site settings using later in website. eg: background color, social networks, carousel pictures, products, etc. my first try creating model "setting" with: id | key (unique) | value. when tried save social networks (to display in site header), realized i'd have save in "value" json url, title, etc... ugly implementation relational model, came conclussion bad. created sepparated model socialnetwork with: id | url | image | name. now i'm thinking in loading these models @ once in basecontroller can have through controllers, i'm not sure it's correct. mean, array $settings models part of it: abstract class basecontroller extends controller { protected $settings; ... public function __construct(...) { $this->settings = [ 'backgroundcolor' => 'red', ...
Read more