Created
November 15, 2020 07:21
HAProxy config showing how to surface ACL actions in the logs
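# Demo configuration: remember which ACL matched a request in a transaction
# variable and print that value at the end of every HTTP log line.

global
    maxconn 250
    daemon
    # Log lines go to stdout in raw format (no syslog header).
    log stdout format raw local0

defaults
    log global
    mode http
    option httplog
    timeout connect 5s
    timeout client 30s
    timeout server 30s

listen stats
    # NOTE(review): the stats page is bound to every interface, has no
    # authentication, and "no log" keeps its requests out of the logs.
    # Outside a lab, bind it to a management address and add
    # "stats auth <user>:<password>" (placeholder values).
    bind *:8000
    no log
    stats enable
    stats uri /stats
    stats refresh 5s

listen web
    bind *:80
    mode http

    # Repeating an ACL name ORs the patterns: any RFC 1918 source matches.
    # "src" is the address of the TCP peer. If another proxy or load balancer
    # sits in front of this instance, every request carries that device's
    # address here -- confirm against the deployment before relying on it.
    acl ip_is_internal src 10.0.0.0/8
    acl ip_is_internal src 172.16.0.0/12
    acl ip_is_internal src 192.168.0.0/16

    # Case-insensitive substring match, equivalent to the former
    # hdr_reg(user-agent) -i ^.*curl.*$ without invoking the regex engine.
    # User-Agent is chosen by the client, so this is a convenience filter and
    # a logging example, not an access control.
    acl curl_user_agent hdr_sub(user-agent) -i curl

    # Tag the transaction with the name of the ACL that fired. Rules run in
    # order, so when both ACLs match the second set-var overwrites the first
    # and only "cURL_User_Agent" reaches the log.
    http-request set-var(txn.acl_trigger) str("Internal_IP") if ip_is_internal
    http-request set-var(txn.acl_trigger) str("cURL_User_Agent") if curl_user_agent

    # The variable must be set before the deny: deny stops rule evaluation.
    http-request deny if curl_user_agent

    server web apache:80 check

    # Custom format for this proxy (used instead of the "option httplog"
    # default): the usual HTTP log fields followed by ACL-Triggered:<value>.
    # %{+E} escapes '"', '\' and ']' in the emitted value; the values logged
    # here are the fixed strings set above, never request data.
    log-format "%ci:%cp [%tr] %ft %b/%s %TR/%Tw/%Tc/%Tr/%Ta %ST %B %CC %CS %tsc %ac/%fc/%bc/%sc/%rc %sq/%bq %hr %hs %{+Q}r ACL-Triggered:%{+E}[var(txn.acl_trigger)] "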