fix db acl
parent
6f982e0a6a
commit
11961a80c4
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -9,7 +9,7 @@ __pycache
|
|||
.env.prod
|
||||
|
||||
# ignore lb allowed_ips
|
||||
lb/allowed_ips
|
||||
lb/dballowed.acl
|
||||
|
||||
# ignore letsencrypt generated certificates
|
||||
data/certbot/etc/*
|
||||
|
|
|
@ -58,16 +58,16 @@ frontend https
|
|||
http-response set-header Access-Control-Allow-Methods "GET"
|
||||
|
||||
# ACL
|
||||
acl acl_allowed src -f /usr/local/etc/haproxy/allowed_ips
|
||||
acl acl_forestnet hdr(host)-i forest.deflax.net
|
||||
acl acl_forestdb hdr(host) -i db.forest.deflax.net
|
||||
acl acl_osmap hdr(host) -i map.deflax.net
|
||||
acl is_allowed src -f /usr/local/etc/haproxy/dballowed.acl
|
||||
acl is_forestnet hdr(host)-i forest.deflax.net
|
||||
acl is_forestdb hdr(host) -i db.forest.deflax.net
|
||||
acl is_osmap hdr(host) -i map.deflax.net
|
||||
|
||||
http-request deny if acl_forestdb !acl_allowed
|
||||
tcp-request connection reject if is_forestdb !is_allowed
|
||||
|
||||
use_backend forestnet if acl_forestnet
|
||||
use_backend forestdb if acl_forestdb
|
||||
use_backend osmap if acl_osmap
|
||||
use_backend forestnet if is_forestnet
|
||||
use_backend forestdb if is_forestdb
|
||||
use_backend osmap if is_osmap
|
||||
|
||||
backend osmap
|
||||
# Get from cache / put in cache
|
||||
|
|
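Review bot: The new rule `tcp-request connection reject if is_forestdb !is_allowed` in `frontend https` pairs a connection-stage action with `is_forestdb`, which is built on `hdr(host)`. Connection rules are evaluated when the connection is accepted, before any request is parsed, so the Host condition cannot be true at that point and the source restriction on db.forest.deflax.net most likely never applies (HAProxy normally warns about such an ACL during a config check). Keeping the check at the HTTP layer with the renamed ACLs, `http-request deny if is_forestdb !is_allowed`, preserves the restriction that the removed line enforced. As rendered, `acl is_forestnet hdr(host)-i forest.deflax.net` also lacks the space before `-i` that the other two host ACLs have; if that is in the file and not an artifact of this page, it should read `hdr(host) -i`. The frontend starts above this hunk, so its bind/mode lines and any earlier rules are not visible here.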