fix db acl

Daniel afx 2022-02-07 06:03:13 +02:00
parent 6f982e0a6a
commit 11961a80c4
3 changed files with 10 additions and 10 deletions

2
.gitignore vendored

@ -9,7 +9,7 @@ __pycache
.env.prod
# ignore lb allowed_ips
lb/allowed_ips
lb/dballowed.acl
# ignore letsencrypt generated certificates
data/certbot/etc/*


@ -58,16 +58,16 @@ frontend https
http-response set-header Access-Control-Allow-Methods "GET"
# ACL
acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips
acl acl_forestnet hdr(host)-i forest.deflax.net
acl acl_forestdb hdr(host) -i db.forest.deflax.net
acl acl_osmap hdr(host) -i map.deflax.net
acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl
acl is_forestnet hdr(host)-i forest.deflax.net
acl is_forestdb hdr(host) -i db.forest.deflax.net
acl is_osmap hdr(host) -i map.deflax.net
tcp-request connection reject if is_forestdb !is_allowed
http-request deny if acl_forestdb !acl_allowed
use_backend forestnet if acl_forestnet
use_backend forestdb if acl_forestdb
use_backend osmap if acl_osmap
use_backend forestnet if is_forestnet
use_backend forestdb if is_forestdb
use_backend osmap if is_osmap
backend osmap
# Get from cache / put in cache
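Review bot: The new `tcp-request connection reject if is_forestdb !is_allowed` is evaluated when the TCP connection is accepted, before any HTTP request has been parsed, so `is_forestdb` (a `hdr(host)` match) cannot be true at that stage and the rule will not reject anything. Because this line appears to replace the old `http-request deny`, db.forest.deflax.net would then be served to source addresses that are not in dballowed.acl. Keep the restriction at the HTTP layer with the renamed ACLs, `http-request deny if is_forestdb !is_allowed`, and run `haproxy -c -f <config path>` to confirm that no "will never match" warning is reported for the frontend. Separately, `hdr(host)-i` in the `is_forestnet` line has no space before `-i`, unless that is an artifact of this page, so that ACL may not parse as intended. The `frontend https` section starts above this hunk, so the rule order relative to earlier directives is not visible here.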