Marcin Asked: 2010-12-28 08:55:15 +0800 CST2010-12-28 08:55:15 +0800 CST 2010-12-28 08:55:15 +0800 CST How to block IP addresses in HAProxy? 772 Is there something like Apache "deny from ip" in haproxy? apache-2.2 haproxy deny 1 Answers Voted Best Answer Kyle Brandt 2010-12-28T09:00:30+08:002010-12-28T09:00:30+08:00 You can drop an IP at the tcp level by creating an ACL and then using connection reject if the ACL is matched: acl bad_ip src 10.10.10.0 tcp-request connection reject if bad_ip You could also set up a 403 backend and send them to that if you want to do it at the HTTP level: frontend foo ... acl bad_ip src 10.10.10.0 use_backend bad_guy if bad_ip ... backend bad_guy mode http errorfile 403 /etc/haproxy/errors/403.http These ACLs can be pretty flexible, and you can make it so multiple conditions within an ACL, or multiple ACLs within the action have to be met. More at http://haproxy.1wt.eu/download/1.5/doc/configuration.txt .
You can drop an IP at the tcp level by creating an ACL and then using connection reject if the ACL is matched:
You could also set up a 403 backend and send them to that if you want to do it at the HTTP level:
These ACLs can be pretty flexible, and you can make it so multiple conditions within an ACL, or multiple ACLs within the action have to be met. More at http://haproxy.1wt.eu/download/1.5/doc/configuration.txt .