Hi list!
I'm having problems configuring an ACL.
My OS:
# uname -a
FreeBSD ryba-laptop.cadera.com.pl 6.2-RELEASE-p8 FreeBSD 6.2-RELEASE-p8
#2: Thu Oct 4 11:39:54 CEST 2007
root#ryba-laptop.cadera.com.pl:/usr/obj/usr/src/sys/LAPTOP i386
My haproxy version (built from ports):
# pkg_info | grep haproxy
haproxy-devel-1.3.12.2 The Reliable, High Performance TCP/HTTP Load Balancer
My config:
# cat haproxy.conf
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    #log loghost local0 info
    maxconn 4096
    # ulimit-n 8208
    chroot /var/empty
    uid nobody
    gid nobody
    nbproc 1
    daemon
    debug
    #quiet

defaults
    log global
    mode http
    option httplog
    option dontlognull
    retries 3
    redispatch
    maxconn 2000
    contimeout 5000
    clitimeout 50000
    srvtimeout 50000

listen admin_page 0.0.0.0:8888
    mode http
    option httpclose
    balance roundrobin
    stats enable
    stats refresh 1
    stats uri /
    stats realm Global\ statistics
    stats auth admin:admin

listen :10000 0.0.0.0:10022
    # disabled
    mode tcp
    balance roundrobin
    acl src_in src 192.168.137.2/32
    # block if !src_in
    block unless src_in
    server test 192.168.137.1:10022 check inter 2000 rise 2 fall 5

I wish to limit access to the TCP proxy service to a certain IP address, something similar to 'only_from = _IP_' in xinetd.
In my opinion, this configuration doesn't do ACL stuff. Even when I add the
section:
    block if TRUE
Am I missing something?
Thanks in advance & best regards
Piotr Rybicki
Received on 2007/10/23 15:16