Update haproxy.cfg to add the ACL condition `acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips`
```haproxy
frontend fe-lehaproxy
    bind *:80
    acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
    http-request deny if is-blocked-ip
    acl letsencrypt-acl path_beg /.well-known/acme-challenge/
    use_backend letsencrypt-backend if letsencrypt-acl
    redirect scheme https code 301 if !letsencrypt-acl

frontend fe-verify
    bind *:443 ssl crt /etc/certs
    acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
    http-request deny if is-blocked-ip
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    default_backend mybackend
```
Blocked list

```
~:/etc/haproxy# cat blocklisted.ips
32.66.111.255
11.129.81.18
```
Requests from IP addresses listed in the blocklisted.ips file are denied with a 403 Forbidden response, the default status for `http-request deny`.
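The `src -f <file>` ACL matches the TCP peer address against one IP or CIDR per line in the file, so a typo in that file either fails the reload or silently leaves a hole. The script below is an added example, not part of the post or of HAProxy: it parses a blocklist in the same one-entry-per-line format (full-line `#` comments skipped, as HAProxy does; the sample content is constructed) and answers whether a given client address would hit `is-blocked-ip`, which is handy for checking a blocklist before reloading. One caveat the config itself does not show: `src` is the address of whatever connects to HAProxy directly, so if HAProxy sits behind another load balancer the file would need to be matched against the forwarded client address (via the PROXY protocol or a trusted `X-Forwarded-For`) instead.

```python
import ipaddress
from typing import List, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample blocklist (not the file from the post): the two addresses
# above, plus a CIDR range and a comment line to show what the parser accepts.
SAMPLE_BLOCKLIST = """\
# constructed sample blocklist
32.66.111.255
11.129.81.18
198.51.100.0/24
"""


def parse_blocklist(text: str) -> List[Network]:
    """Parse one IP or CIDR per line into network objects.

    Bare addresses become /32 (IPv4) or /128 (IPv6) networks. Empty lines and
    lines starting with '#' are ignored, mirroring HAProxy pattern files.
    Anything else that does not parse raises, so a malformed entry is caught
    before the file is handed to HAProxy.
    """
    nets: List[Network] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=False tolerates host bits set in a CIDR, e.g. 10.0.0.1/24
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {line!r} is not an IP or CIDR") from exc
    return nets


def is_blocked(client_ip: str, nets: List[Network]) -> bool:
    """True if client_ip falls inside any listed network (what 'src -f' tests)."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in nets)


def decide(client_ip: str, blocklist_text: str) -> str:
    """Return the status HAProxy would produce for this peer address."""
    return "403 deny" if is_blocked(client_ip, parse_blocklist(blocklist_text)) else "allow"


if __name__ == "__main__":
    for ip in ("32.66.111.255", "198.51.100.77", "203.0.113.5"):
        print(ip, "->", decide(ip, SAMPLE_BLOCKLIST))
```

Run it against the real file with `decide(ip, open("/etc/haproxy/blocklisted.ips").read())` to confirm an entry behaves as intended; a `ValueError` from `parse_blocklist` points at the exact line to fix before `haproxy -c -f /etc/haproxy/haproxy.cfg` and the reload.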
Another way to block IP addresses is to update the inbound rules of the AWS network ACL.
More about HAProxy