Learn how to allow IP with HAProxy ACL. Our HAProxy Support team is here to help you with your questions and concerns.

How to allow IP with HAProxy ACL

In HAProxy, Access Control Lists (ACLs) let us control access to resources or services based on different criteria, including IP addresses.

Let’s take a quick look at how to use HAProxy ACLs to allow or deny access based on IP addresses:

• First, we have to define an ACL that matches a certain IP address or a range of IP addresses. This is done with the acl keyword followed by a name for the ACL and a condition based on the source IP address.

  acl allowed_ip src 192.168.1.100

  Then, an ACL named allowed_ip is defined, and it matches requests coming from the IP address 192.168.1.100.
• Furthermore, we have to use the ACL in our HAProxy configuration to allow or deny access to a certain resource or backend based on whether the ACL condition is met.

  acl is_allowed_ip_acl acl(allowed_ip)
use_backend protected_backend if is_allowed_ip_acl


  Here, we create a new ACL named is_allowed_ip_acl that checks the allowed_ip ACL condition. Then, if the condition is met, the traffic is routed to the protected_backend.
• In order to deny access to all other IP addresses that do not match the specified ACL condition, we can use the default_backend directive to specify a backend that handles requests from unauthorized IP addresses.

  default_backend blocked_backend

  Then, any request that does not match the allowed_ip ACL condition will be directed to the blocked_backend.
• Additionally, we have to test our ACL rules to ensure that they work as expected. We can use HAProxy’s logging and monitoring features to check which ACL conditions are being matched and how traffic is being routed.

[Need assistance with a different issue? Our team is available 24/7.]

Conclusion

In brief, our Support Experts demonstrated how to allow IP with HAProxy ACL.