How do I add a new IP range in the HAProxy configuration?
Adding a new IP range to the HAProxy configuration can be done by modifying the access control list (ACL) in the configuration file. Here are the steps and examples:
Step 1: Edit the HAProxy configuration file
Open haproxy's configuration file, usually located in /etc/haproxy.haproxy.cfg.
Step 2: Define a new ACL
In the configuration file, find the frontend section and define a new ACL to match the new IP range. For example, if you want to allow traffic from 192.168.2.0/24 and 10.0.0.0/24, you can configure it like this:
plaintext
frontend http_front
bind :80
mode http
Defining a new ACL
acl allowed_ips src 192.168.1.0/24 10.0.0.0/8 192.168.2.0/24 10.0.0.0/24
Use ACLs to restrict access
http-request deny if ! allowed_ips
Default backend
default_backend http_back
Step 3: Restart the HAProxy service
After saving the configuration file, restart the HAProxy service for the changes to take effect:
sudo systemctl restart haproxy
Verification configuration
You can check that the syntax of the HAProxy configuration file is correct with the following command:
sudo haproxy -f /etc/haproxy/haproxy.cfg -c
Example description
- acl allowed_ips src 192.168.1.0/24 10.0.0.0/8 192.168.2.0/24 10.0.0.0/24: An ACL named allowed_ips is defined to allow traffic from the IP address range.
- http-request deny if ! allowed_ips: denies traffic that is not in the ACL.
By following these steps, you can easily add new IP ranges to your HAProxy configuration to enhance your system's access control capabilities.
Adding a new IP range to the HAProxy configuration can be done by modifying the access control list (ACL) in the configuration file. Here are the steps and examples:
Step 1: Edit the HAProxy configuration file
Open haproxy's configuration file, usually located in /etc/haproxy.haproxy.cfg.
Step 2: Define a new ACL
In the configuration file, find the frontend section and define a new ACL to match the new IP range. For example, if you want to allow traffic from 192.168.2.0/24 and 10.0.0.0/24, you can configure it like this:
plaintext
frontend http_front
bind :80
mode http
Defining a new ACL
acl allowed_ips src 192.168.1.0/24 10.0.0.0/8 192.168.2.0/24 10.0.0.0/24
Use ACLs to restrict access
http-request deny if ! allowed_ips
Default backend
default_backend http_back
Step 3: Restart the HAProxy service
After saving the configuration file, restart the HAProxy service for the changes to take effect:
sudo systemctl restart haproxy
Verification configuration
You can check that the syntax of the HAProxy configuration file is correct with the following command:
sudo haproxy -f /etc/haproxy/haproxy.cfg -c
Example description
- acl allowed_ips src 192.168.1.0/24 10.0.0.0/8 192.168.2.0/24 10.0.0.0/24: An ACL named allowed_ips is defined to allow traffic from the IP address range.
- http-request deny if ! allowed_ips: denies traffic that is not in the ACL.
By following these steps, you can easily add new IP ranges to your HAProxy configuration to enhance your system's access control capabilities.
