diff --git a/.gitignore b/.gitignore index 77f72ee..96b0914 100644 --- a/.gitignore +++ b/.gitignore @@ -9,7 +9,7 @@ __pycache .env.prod # ignore lb allowed_ips -lb/allowed_ips +lb/dballowed.acl # ignore letsencrypt generated certificates data/certbot/etc/* diff --git a/lb/allowed_ips-sample b/lb/dballowed.acl-sample similarity index 100% rename from lb/allowed_ips-sample rename to lb/dballowed.acl-sample diff --git a/lb/haproxy.cfg b/lb/haproxy.cfg index b33d160..6c10563 100644 --- a/lb/haproxy.cfg +++ b/lb/haproxy.cfg @@ -58,16 +58,16 @@ frontend https http-response set-header Access-Control-Allow-Methods "GET" # ACL - acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips - acl acl_forestnet hdr(host)-i forest.deflax.net - acl acl_forestdb hdr(host) -i db.forest.deflax.net - acl acl_osmap hdr(host) -i map.deflax.net + acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl + acl is_forestnet hdr(host)-i forest.deflax.net + acl is_forestdb hdr(host) -i db.forest.deflax.net + acl is_osmap hdr(host) -i map.deflax.net + + tcp-request connection reject if is_forestdb !is_allowed - http-request deny if acl_forestdb !acl_allowed - - use_backend forestnet if acl_forestnet - use_backend forestdb if acl_forestdb - use_backend osmap if acl_osmap + use_backend forestnet if is_forestnet + use_backend forestdb if is_forestdb + use_backend osmap if is_osmap backend osmap # Get from cache / put in cache
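Review bot: The new `tcp-request connection reject if is_forestdb !is_allowed` rule is evaluated when the TCP connection is accepted, before TLS and before any HTTP request is parsed, so `is_forestdb` (a `hdr(host)` match) cannot be true there and the allow-list in `dballowed.acl` stops being enforced for `db.forest.deflax.net`. HAProxy normally reports this at load time with a warning that the ACL will never match in that rule set, which `haproxy -c -f lb/haproxy.cfg` should show. To keep the restriction, leave the check at the HTTP layer under the new names, `http-request deny if is_forestdb !is_allowed` (or `http-request silent-drop if is_forestdb !is_allowed` if the intent was to give the client no response). The `frontend https` section begins above this hunk, so its mode and bind lines are not visible here; this assumes an HTTP-mode frontend, as the `http-response` line suggests.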