haproxytechblog/a952128796457a2e8f552ec9ba66d3fc
Last active March 14, 2019 16:10
IP Masking in HAProxy
```
Feb 8 20:51:28 server1 haproxy[4718]: 192.168.50.5 [08/Feb/2019:20:51:28.816] website~ servers/server1 0/0/0/1/1 304 180 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
```
```
frontend website
    bind :80
    # Mask the last octet of the IP
    http-request set-src src,ipmask(24)
```
```
Feb 8 20:51:28 server1 haproxy[4718]: 192.168.50.0 [08/Feb/2019:20:51:28.816] website~ servers/server1 0/0/0/1/1 304 180 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
```
```
# Masks the last three octets
http-request set-src src,ipmask(8)
```
```
Feb 8 20:53:13 server1 haproxy[4718]: 192.0.0.0 [08/Feb/2019:20:53:13.635] website~ servers/server1 0/0/0/1/1 304 180 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
```
```
http-request set-src src,ipmask(24)
# src is already masked to 192.168.50.0 here, so this rule never matches
http-request deny if { src 192.168.50.5 }
```
```
# Evaluated against the true client IP, before it is masked
http-request deny if { src 192.168.50.5 }
http-request set-src src,ipmask(24)
```
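```
acl blacklisted src 192.168.50.5
http-request set-src src,ipmask(24)
# An ACL is evaluated where it is used, not where it is declared:
# src is already masked here, so this rule never matches
http-request deny if blacklisted
```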
```
frontend website
    bind :80
    # Store the masked IP in a variable
    http-request set-var(txn.src_masked) src,ipmask(24)
    # Use a log-format that logs 'src_masked'
    log-format "%[var(txn.src_masked)]:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
    # Other actions can use the true IP
    http-request deny if { src 192.168.50.5 }
    default_backend servers
```
```
frontend website
    bind :80
    bind :::80
    http-request set-var(txn.src_masked) src,ipmask(24,64)
    log-format "%[var(txn.src_masked)] [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r"
    default_backend servers
```
```
Feb 11 21:48:39 server1 haproxy[5623]: fe80:: [11/Feb/2019:21:48:39.131] website servers/server1 0/0/0/3/3 304 180 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"
```
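An added example, not part of the gist or of HAProxy: a Python script that applies the same masking as `ipmask(24,64)` to log lines that were already written with full client addresses, like the first log line above. The names `mask_ip`, `scrub_line` and `with_port` are assumptions of this example, and the sample lines are constructed from the gist's log lines.

```python
import ipaddress
import re

# Client address = first token after the "haproxy[pid]: " syslog tag.
LINE_RE = re.compile(r"^(?P<head>.*?haproxy\[\d+\]: )(?P<addr>\S+)(?P<tail> \[.*)$")

def mask_ip(text, v4_bits=24, v6_bits=64):
    """Zero the host bits of an address, as ipmask(v4_bits, v6_bits) does."""
    ip = ipaddress.ip_address(text)
    bits = v4_bits if ip.version == 4 else v6_bits
    return str(ipaddress.ip_network(f"{ip}/{bits}", strict=False).network_address)

def scrub_line(line, with_port=False, v4_bits=24, v6_bits=64):
    """Return the line with its client address masked, or None if the line
    cannot be parsed (so the caller can quarantine it instead of keeping
    an unmasked address)."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    addr, port = m.group("addr"), ""
    if with_port:
        # Log formats with "%ci:%cp" append the port after the last colon.
        addr, _, digits = addr.rpartition(":")
        port = ":" + digits
    try:
        masked = mask_ip(addr, v4_bits, v6_bits)
    except ValueError:
        return None
    return f"{m.group('head')}{masked}{port}{m.group('tail')}"

# Constructed sample input, modelled on the log lines in this gist.
SAMPLE_LINES = [
    'Feb 8 20:51:28 server1 haproxy[4718]: 192.168.50.5 [08/Feb/2019:20:51:28.816] website~ servers/server1 0/0/0/1/1 304 180 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"',
    'Feb 11 21:48:39 server1 haproxy[5623]: fe80::a00:27ff:fe4e:66a1 [11/Feb/2019:21:48:39.131] website servers/server1 0/0/0/3/3 304 180 - - ---- 1/1/0/1/0 0/0 "GET / HTTP/1.1"',
    "Feb 11 21:48:40 server1 haproxy[5623]: Proxy website started.",
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(scrub_line(raw) or "UNPARSED (held back)")
```

Set `with_port=True` only for logs whose format writes the client port after the address; an IPv6 address without a port would otherwise lose its last group to the port field.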