From 11961a80c4fa483ed962c0c4f3b5632feb64b702 Mon Sep 17 00:00:00 2001
From: Daniel afx
Date: Mon, 7 Feb 2022 06:03:13 +0200
Subject: [PATCH] fix db acl
---
 .gitignore | 2 +-
 ...allowed_ips-sample => dballowed.acl-sample} | 0
 lb/haproxy.cfg | 18 +++++++++---------
 3 files changed, 10 insertions(+), 10 deletions(-)
 rename lb/{allowed_ips-sample => dballowed.acl-sample} (100%)
diff --git a/.gitignore b/.gitignore
index 77f72ee..96b0914 100644
--- a/.gitignore
+++ b/.gitignore
@@ -9,7 +9,7 @@ __pycache
 .env.prod
 # ignore lb allowed_ips
-lb/allowed_ips
+lb/dballowed.acl
 # ignore letsencrypt generated certificates
 data/certbot/etc/*
diff --git a/lb/allowed_ips-sample b/lb/dballowed.acl-sample
similarity index 100%
rename from lb/allowed_ips-sample
rename to lb/dballowed.acl-sample
diff --git a/lb/haproxy.cfg b/lb/haproxy.cfg
index b33d160..6c10563 100644
--- a/lb/haproxy.cfg
+++ b/lb/haproxy.cfg
@@ -58,16 +58,16 @@ frontend https
 http-response set-header Access-Control-Allow-Methods "GET"
 # ACL
- acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips
- acl acl_forestnet hdr(host)-i forest.deflax.net
- acl acl_forestdb hdr(host) -i db.forest.deflax.net
- acl acl_osmap hdr(host) -i map.deflax.net
+ acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl
+ acl is_forestnet hdr(host)-i forest.deflax.net
+ acl is_forestdb hdr(host) -i db.forest.deflax.net
+ acl is_osmap hdr(host) -i map.deflax.net
+
+ tcp-request connection reject if is_forestdb !is_allowed
- http-request deny if acl_forestdb !acl_allowed
-
- use_backend forestnet if acl_forestnet
- use_backend forestdb if acl_forestdb
- use_backend osmap if acl_osmap
+ use_backend forestnet if is_forestnet
+ use_backend forestdb if is_forestdb
+ use_backend osmap if is_osmap
 backend osmap
 # Get from cache / put in cache
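Review bot: The new `tcp-request connection reject if is_forestdb !is_allowed` in `frontend https` is evaluated when the connection is accepted, before the TLS handshake and before any HTTP request is parsed, so `is_forestdb` (an `hdr(host)` match) cannot be true at that point and the rule never rejects; HAProxy normally reports such an ACL as one that will never match. As written, requests for db.forest.deflax.net would be routed to `forestdb` from any source address, so the allowlist in dballowed.acl is not enforced. Keep the check at the HTTP layer with the renamed ACLs, `http-request deny if is_forestdb !is_allowed`, and confirm with `haproxy -c -f` on this file plus a request from an address that is not on the list. Separately, the `is_forestnet` line still reads `hdr(host)-i` with no space before `-i`, which looks like a carried-over typo; `acl is_forestnet hdr(host) -i forest.deflax.net` would match the other two host ACLs. The frontend section starts above the hunk, so its mode and bind options are not visible here.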