HAProxy Whitelist Configuration
2014-03-23 00:00
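When using HAProxy as a TCP proxy, access needs to be restricted for certain IPs. This can also be done with iptables. While I was at it, I went through the HAProxy manual to see whether HAProxy itself offers a way to do the restriction. To use an application well you need to read its manual closely; the manual is the most authoritative and most detailed source. Enough preamble, here is how HAProxy does it: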
Syntax
tcp-request content accept [{if | unless} <condition>]

Sections
Defaults | Frontend | Listen | Backend |
No | Yes | Yes | No |

Description
During TCP content inspection, the connection is immediately validated if the condition is true (when used with "if") or false (when used with "unless"). Most of the time during content inspection, a condition will be in an uncertain state which is neither true nor false. The evaluation immediately stops when such a condition is encountered. It is important to understand that "accept" and "reject" rules are evaluated in their exact declaration order, so that it is possible to build complex rules from them. There is no specific limit to the number of rules which may be inserted. Note that the "if/unless" condition is optional. If no condition is set on the action, it is simply performed unconditionally. If no "tcp-request content" rules are matched, the default action already is "accept". Thus, this statement alone does not bring anything without another reject statement.

Syntax
tcp-request content reject [{if | unless} <condition>]

Sections
Defaults | Frontend | Listen | Backend |
No | Yes | Yes | No |

Description
During TCP content inspection, the connection is immediately rejected if the condition is true (when used with "if") or false (when used with "unless"). Most of the time during content inspection, a condition will be in an uncertain state which is neither true nor false. The evaluation immediately stops when such a condition is encountered. It is important to understand that "accept" and "reject" rules are evaluated in their exact declaration order, so that it is possible to build complex rules from them. There is no specific limit to the number of rules which may be inserted. Note that the "if/unless" condition is optional. If no condition is set on the action, it is simply performed unconditionally. If no "tcp-request content" rules are matched, the default action is set to "accept".

A sample configuration follows:
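    global
        log 127.0.0.1 local2
        chroot /var/lib/haproxy
        pidfile /var/run/haproxy.pid
        maxconn 4000
        user haproxy
        group haproxy
        daemon

    defaults
        mode http
        log global
        option dontlognull
        option httpclose
        #option httplog
        option tcplog
        #option forwardfor
        option redispatch
        timeout connect 10000 # default 10 second time out if a backend is not found
        timeout client 300000
        timeout server 300000
        maxconn 60000
        retries 3

    frontend tcp-2013-front
        bind *:2013
        mode tcp
        default_backend tcp-2013-back

    backend tcp-2013-back
        mode tcp
        balance leastconn
        # Rules run in declaration order: whitelisted sources are accepted first,
        # then the unconditional reject drops every other connection.
        # The manual excerpt above lists these rules for frontend/listen sections only;
        # on a version where that applies, place both rules in the frontend instead.
        tcp-request content accept if { src -f /usr/local/haproxy/white_ip_list }
        tcp-request content reject
        server tcp-2013 10.1.27.20:2013

The white_ip_list whitelist file holds one IP address or IP range per line.

If you repost this article, please credit the source: http://www.ttlsa.com/html/3521.html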
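A pre-deployment check for the white_ip_list file used by the accept/reject pair above, as an added example that is not part of the original article. It parses one IP or CIDR range per line, reports malformed or overly broad entries, and reproduces the accept-then-reject decision for a given source address. The sample file contents, the function names and the `min_prefix` threshold are assumptions made for illustration.

```python
import ipaddress

# Constructed sample contents for a white_ip_list file (not from the article).
SAMPLE_WHITE_IP_LIST = """\
# office egress
10.1.27.0/24
192.168.5.17
0.0.0.0/0
10.1.27.300
"""

def load_whitelist(text, min_prefix=8):
    """Parse one IP or CIDR per line; return (networks, problems)."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # blank lines and comments carry no entry
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            problems.append((lineno, entry, "not a valid IP or CIDR"))
            continue
        if net.prefixlen < min_prefix:
            # Still a syntactically valid range, so it stays in the match
            # set, but it is reported: 0.0.0.0/0 whitelists everyone.
            problems.append((lineno, entry, "range too broad for a whitelist"))
        networks.append(net)
    return networks, problems

def decide(src, networks):
    """Mirror the two rules: accept if src is listed, otherwise reject."""
    addr = ipaddress.ip_address(src)
    for net in networks:
        if addr.version == net.version and addr in net:
            return "accept"
    return "reject"

if __name__ == "__main__":
    nets, issues = load_whitelist(SAMPLE_WHITE_IP_LIST)
    for lineno, entry, why in issues:
        print(f"line {lineno}: {entry!r}: {why}")
    for src in ("10.1.27.20", "192.168.5.17", "203.0.113.9"):
        print(src, decide(src, nets))
```

Treat any reported problem as a reason to stop before reloading the proxy: with the constructed sample, the `0.0.0.0/0` line makes every source match the accept rule, so the trailing reject never fires.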