Hardening HAProxy to block ips and uris : KNOWLEDGE BASE

Hardening HAProxy to block ips and uris Print

Modified on: Mon, 28 Apr, 2025 at 11:41 AM

Added the following after

frontend ft_http

bind :::80 v4v6

bind :::443 v4v6 ssl crt /var/lib/jelastic/SSL/jelastic.pem alpn h2,http/1.1

added

#TT ADDITION read blocked-ip list and block those on it if the xforward ip matches

TT - BELOW WORKS BUT MAKE SURE THE blocklist file exists before restarting

ATM it needs a proxy restart after addition of ip

acl is-blocked-ip hdr_ip(X-Forwarded-For) -f /usr/tmp/blocklist.ips

http-request silent-drop if is-blocked-ip

# end blocked ips

#TT ADDITION restrict urls including admin.php

acl restricted_page path_beg /wp-admin/ /wp-content/

http-request silent-drop if restricted_page

#end of restrict

this will stop any ips on the blocklist.ips and any url containing /wp-admin/ or /wp-content/

Did you find it helpful? Yes No

Hardening HAProxy to block ips and uris Print