我试图从文件中将白名单IP加载到Haproxy acl
我能够通过添加内联到haproxy配置文件将IP列入白名单,并且它运行良好
我想知道是否有任何方法可以指定文件的IP地址并从haproxy配置中读取它
这是我的Haproxy conf
global
log /dev/log local0
log /dev/log local1 notice
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode http
option httplog
option dontlognull
contimeout 5000
clitimeout 50000
srvtimeout 50000
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http-in
bind *:80
mode http
reqadd X-Forwarded-Proto:\ http
acl whitelist src 192.168.12.32 192.168.0.1
acl all src 0.0.0.0
acl demo hdr_end(host) -i 192.168.20.26
use_backend demo if demo whitelist
backend demo
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
server locahost localhost:8080 cookie A check
我们在haproxy.conf文件中使用"-f"标志指定白名单ip源.
在/ etc/haproxy /中创建whitelist.lst并列出所有带有子网掩码的白名单ip,例如: - 192.168.1.1/32 192.168.2.1/32 192.168.0.1/24等.这是我的haproxy conf文件,它从文件中加载白名单ip.
frontend http-in
bind *:80
mode http
reqadd X-Forwarded-Proto:\ http
acl whitelist src -f /etc/haproxy/whitelist.lst
acl all src 0.0.0.0
acl demo hdr_end(host) -i 192.168.20.26
use_backend demo if demo whitelist
backend demo
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
server locahost localhost:8080 cookie A check