Block all traffic to the frontend except Let's encrypt during maintenance windows; With the exception of IP's on the allow list
Block all traffic except allowed IP's for a backend
Both should be available separately and allow to ACL only a single backend. Deny lists are not yet implemented as they tend to be implemented at the firewall level.
Usecases:
Both should be available separately and allow to ACL only a single backend. Deny lists are not yet implemented as they tend to be implemented at the firewall level.
More info on HAProxy allow lists:
https://www.haproxy.com/blog/introduction-to-haproxy-acls/
Basically we need to add the following lines to the correct stanza: http-request deny if !{ src -f /usr/local/etc/haproxy/allowed.acl }
The acl file itself contains just a list of IP's