How To Block IP Addresses In HAProxy

PublishedDecember 27, 2020

•1 min read

Update haproxy.cfg to add condition acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips

frontend fe-lehaproxy
        bind *:80

        acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
        http-request deny if is-blocked-ip

        acl letsencrypt-acl path_beg /.well-known/acme-challenge/
        use_backend letsencrypt-backend if letsencrypt-acl
        redirect scheme https code 301 if !letsencrypt-acl

frontend fe-verify
        bind *:443 ssl crt /etc/certs

        acl is-blocked-ip src -f /etc/haproxy/blocklisted.ips
        http-request deny if is-blocked-ip

        http-request set-header X-Forwarded-Proto https if { ssl_fc }
        default_backend mybackend

Blocked list

~:/etc/haproxy# cat blocklisted.ips 
32.66.111.255
11.129.81.18

Requests from IP addresses within the blocklisted.ips file will receive 403 Alt Text

Another way to block IP addresses is to update inbound rule of AWS ALC Alt Text

More about HAProxy

#devops #cloud

More from this blog

Single-Sign-On By Vouch Proxy And AWS Cognito

Abstract For Kubernetes cluster, we have many observability and monitoring tools which are built-in with separated dashboard/console UIs with login-authentication. We don't want to create many domains as well as multiple accounts to handle them. Thi...

May 31, 20233 min read

Single-Sign-On By Vouch Proxy And AWS Cognito

FastApi With AWS Serverless powered by CDK Typescript

Abstract Deploy FastAPI in a Lambda function that is fronted by an HTTP API in API Gateway, you can enable the API key required for the API Table Of Contents Solution overview Build FastAPI as a lambda funnction handler Deploy Test API Conclus...

May 21, 20233 min read

FastApi With AWS Serverless powered by CDK Typescript

Amazon ECS Farget with Blue-Green Deployments by CDK Typescript - Part 2

Abstract Continue the previous post Hands-on Amazon ECS for Blue-Green Deployments With CDK Typescript which uses EC2 to host the ECS container service and manually operate blue-green deployments. In this blog post, I use AWS Fargate as a container ...

May 17, 20234 min read

Amazon ECS Farget with Blue-Green Deployments by CDK Typescript - Part 2

Hands-on Amazon ECS for Blue-Green Deployments With CDK Typescript - Part 1

Abstract This blog post supports you in hands-on AWS ECS by building the Blue-Green Deployments With CDK Typescript. Instead of using AWS console to create all necessary resources, you will create them through CDK code and automate deployment with C...

May 10, 20234 min read

Hands-on Amazon ECS for Blue-Green Deployments With CDK Typescript - Part 1

Manage IAM Access Key Of AWS Service Connection In Azure Devops Pipeline

Abstract Service Connection represents a Service Principal in Azure DevOps, an identity which uses Headless authentication. We create a connection from Azure Pipelines for external and remote services to execute tasks in a job. Once you establish a...

Apr 23, 20235 min read

Manage IAM Access Key Of AWS Service Connection In Azure Devops Pipeline

Vu Dao

102 posts

🚀 AWSome Devops | AWS Community Builder | AWS SA || ☁️ SimflexCloud ☁️

How To Block IP Addresses In HAProxy

Command Palette

More from this blog