How To Block IP Addresses In HAProxy

#devops #haproxy #aws #alc

Update haproxy.cfg to add condition acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips



frontend fe-lehaproxy
        bind *:80

        acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
        http-request deny if is-blocked-ip

        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl
        redirect scheme https code 301 if !letsencrypt-acl

frontend fe-verify
        bind *:443 ssl crt /etc/certs

        acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
        http-request deny if is-blocked-ip

        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        default_backend mybackend

Blocked list



~:/etc/haproxy# cat blocklisted.ips 
32.66.111.255
11.129.81.18

Requests from IP addresses within the blocklisted.ips file will receive 403

Another way to block IP addresses is to update inbound rule of AWS ALC

More about HAProxy

Top comments (0)

AWS SysOps Administrator: A Complete Guide to Cloud Management

S3CloudHub - Oct 15

Differentiating Docker stop vs Kill

Arif Hossain - Nov 7

Exploring the AWS Well-Architected Tool: A Beginner's Guide

Subhash Bohra - Oct 19

Lambda Performance Evaluation: The Relationship Between Memory and Internal vCPU Architecture, and Their Comparison

takuma818t - Oct 14

DEV Community