In my "/etc/haproxy/haproxy.cfg" file, I specify a whitelist file that contains IP addresses that are permitted to access a frontend.
    frontend default-frontend
      <snip>
      tcp-request connection reject if ! { src -f /etc/haproxy/templates/ip-whitelist.txt }
      <snip>
The contents of "/etc/haproxy/templates/ip-whitelist.txt" look like this:
    192.45.21.89/32
    123.34.33.7/32
    56.23.12.77/32
    78.12.66.3/32
This works great! Until I want to clean up the file and remove IPs for people who no longer need access.
Question: Is it possible to add comments to an haproxy template file?
I have tried this:
    192.45.21.89/32 # Dylan Reeve
    123.34.33.7/32 # Jane Doe
    56.23.12.77/32 # Priscilla Ahmed
    78.12.66.3/32 # Sayed Salas
... which returns errors similar to:
    [ALERT] : parsing [/etc/haproxy/haproxy.cfg:123] : 'tcp-request connection reject' :
      error detected in frontend 'default-frontend' while parsing 'if' condition :
      '192.45.21.89/32 # Dylan Reeve' is not a valid IPv4 or IPv6 address
      at line 1 of file '/etc/haproxy/templates/ip-whitelist.txt'
    [ALERT] : Error(s) found in configuration file : /etc/haproxy/haproxy.cfg
    [ALERT] : Fatal errors found in configuration.
Worst case scenario: I have to keep a separate list in another location to match IPs with names.
As per HAProxy v1.8 documentation, this should work:
Taken from 1.8 docs (I've been doing this on 1.6 as well):
Or you could try using HAProxy maps, which I think are complete overkill for your use case.
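
Added example, not part of the original question or answers: HAProxy's documentation for the `-f` pattern-file flag states that empty lines and lines beginning with `#` are ignored, so a comment can sit on its own line but not after an address. The Python script below converts the question's inline-annotated list into that form and validates every entry first; the function name `render_whitelist` and the `min_prefix_v4` threshold are assumptions of this example.

```python
import ipaddress

# Constructed sample input: the inline-annotated list from the question.
ANNOTATED = """\
192.45.21.89/32 # Dylan Reeve
123.34.33.7/32 # Jane Doe
56.23.12.77/32 # Priscilla Ahmed
78.12.66.3/32 # Sayed Salas
"""


def render_whitelist(annotated, min_prefix_v4=24):
    """Turn 'CIDR # owner' lines into '# owner' / 'CIDR' line pairs.

    Raises ValueError for an invalid address, host bits set, a duplicate,
    or an IPv4 network broader than min_prefix_v4 (hypothetical policy knob),
    so a bad edit is caught before HAProxy reloads the file.
    """
    out, seen = [], set()
    for lineno, raw in enumerate(annotated.splitlines(), 1):
        entry, _, note = raw.partition("#")
        entry, note = entry.strip(), note.strip()
        if not entry:
            if note:  # full-line comment: keep it
                out.append(f"# {note}")
            continue
        try:
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from None
        if net.version == 4 and net.prefixlen < min_prefix_v4:
            raise ValueError(f"line {lineno}: {net} is broader than /{min_prefix_v4}")
        if net in seen:
            raise ValueError(f"line {lineno}: duplicate entry {net}")
        seen.add(net)
        if note:
            out.append(f"# {note}")  # comment on its own line, above the entry
        out.append(str(net))
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_whitelist(ANNOTATED), end="")
```

Write the output to the file named in `src -f` and run `haproxy -c -f /etc/haproxy/haproxy.cfg` to check the configuration before reloading.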