Search Hashnode

Search posts, tags, users, and pages

Discussion on "HAProxy: Restrict access by IP address" | Hashnode

Feed

Discussion

Black Fedora

Apr 2, 2022

HAProxy: Restrict access by IP address

Keep in mind that this is a static configuration, which is not very effective against adversarial attacks when an attacker constantly changes their tactics. By default HAProxy configuration file is located at /etc/haproxy/haproxy.cfg. To block a sing...

blackfedora.dev2 min read

#security #proxy

Responses(1)

Nov 7, 2023

Nice! How do you do this to block CIDR ranges from a different header? E.g get the IP from the X-Forwarded-For header and compare against a blacklist?

Most discussed in Forum

T
Just wanted to introduce myself.
13O G5d ago
S
Hello, my name is Shoban Chiddarth
22Y5d ago
S
The Three Pillars of a Great Developer
22M P3d ago
D
Most people don’t want AI. They want an app that feels smarter than yesterday.
22O C2d ago
D
What's next career of dot net developer after 6 years experience?
224d ago

View all threads

Recent in Forum

C
Hi, I'm Chozharajan
Just now
S
Hey! I'm building Sik Genesis — AI-powered civilization builder for communities
14m ago
V
Is a 100/100 PageSpeed score on mobile a "lost cause" for React apps? 🚀
5h ago
D
Be honest: is AI making you a better developer or just a more anxious one?
21F15h ago
A
I vibe-coded FixMyRNError
15h ago

View all threads

Nov 9, 2023

Oh wow! Thanks Black Fedora for this config guide. I have spent all day playing around with it.

I'm in tcp mode so I used tcp-request content deny instead of http-request denyand found out I needed to add tcp-request inspect-delay 5s to make it work. Does that sounds about right?

Black Fedora

Jan 14, 2024

JV didn't get the notification about the reply!

I think you're on the right track! Using tcp-request content deny along with tcp-request inspect-delay 5s in HAProxy for TCP mode is a good approach. The inspect delay gives HAProxy time to gather enough data to enforce your rule effectively. I would fine-tune the delay time as needed for the best balance between security and performance. Great job figuring this out!

Jan 25, 2024

Black Fedora No worries! This config seems to be working well for me. I lowered the inspect-delay to 3s. Thanks for your help and advice.