fix db acl

2022-02-07 06:03:13 +02:00 · 2022-02-07 06:03:13 +02:00 · 11961a80c4
parent 6f982e0a6a
commit 11961a80c4
3 changed files with 10 additions and 10 deletions
--- a/.gitignore
+++ b/.gitignore
@ -9,7 +9,7 @@ __pycache
 .env.prod

 # ignore lb allowed_ips
-lb/allowed_ips
+lb/dballowed.acl

 # ignore letsencrypt generated certificates
 data/certbot/etc/*
--- a/lb/dballowed.acl-sample
+++ b/lb/dballowed.acl-sample
--- a/lb/haproxy.cfg
+++ b/lb/haproxy.cfg
@ -58,16 +58,16 @@ frontend https
    http-response set-header Access-Control-Allow-Methods "GET"

    # ACL
-    acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips
-    acl acl_forestnet hdr(host)-i forest.deflax.net
-    acl acl_forestdb hdr(host) -i db.forest.deflax.net
-    acl acl_osmap hdr(host) -i map.deflax.net
+    acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl
+    acl is_forestnet hdr(host)-i forest.deflax.net
+    acl is_forestdb hdr(host) -i db.forest.deflax.net
+    acl is_osmap hdr(host) -i map.deflax.net
    
-    http-request deny if acl_forestdb !acl_allowed
+    tcp-request connection reject if is_forestdb !is_allowed

-    use_backend forestnet if acl_forestnet
-    use_backend forestdb if acl_forestdb
-    use_backend osmap if acl_osmap
+    use_backend forestnet if is_forestnet
+    use_backend forestdb if is_forestdb
+    use_backend osmap if is_osmap

 backend osmap
    # Get from cache / put in cache