Possible to add basic HTTP access authentication via HAProxy?

I had to do this today myself (because IIS 7.5 bizarrely doesn't actually support authenticating against anything but Windows user accounts or AD!)...

Here's all the code

userlist UsersFor_AcmeCorp
  user joebloggs insecure-password letmein

backend HttpServers
  .. normal backend stuff goes here as usual ..
  acl AuthOkay_AcmeCorp http_auth(UsersFor_AcmeCorp)
  http-request auth realm AcmeCorp if !AuthOkay_AcmeCorp

I documented it a bit better here: http://nbevans.wordpress.com/2011/03/03/cultural-learnings-of-ha-proxy-for-make-benefit/

I think this is actually possible, but right now I can only find an example to get you halfway...

http://haproxy.1wt.eu/download/1.4/doc/configuration.txt is your bible.

Check out section 3.4 (Userlists)

It starts:

It is possible to control access to frontend/backend/listen sections or to http stats by allowing only authenticated and authorized users. To do this, it is required to create at least one userlist and to define users.

That section explains how to set up a userlist. The example in that section's quite exhaustive so copy that if you need to.

Next, need to figure out how to apply it... I think the answer lies in section 7.5.3 (Matching at Layer 7)

I think it might be as simple as using the following in an acl:

http_auth(userlist)
http_auth_group(userlist) <group> [<group>]*
  Returns true when authentication data received from the client matches
  username & password stored on the userlist. It is also possible to
  use http_auth_group to check if the user is assigned to at least one
  of specified groups.

Again, I haven't tested it, but that's what I read the documentation as suggesting is possible.

I hope that's enough to get you started?

If you're looking to do this for the purposes of authenticating an

option httpchk

config, this simpler solution works: https://stackoverflow.com/questions/13325882/haproxy-solr-healthcheck-with-authentication