Hi Kévin & Aleks,
On Wed, Aug 20, 2008 at 04:11:58PM +0200, Aleksandar Lazic wrote:
> Dear Kévin,
>
> On Mit 20.08.2008 12:54, MAZIERE Kévin - AMEN wrote:
> >Hi,
> >
> >I try to block access to apache server using haproxy for some http
> >request containing the same HOST value
> >I'm not familiar with acl and reqideny and other parameters, even after
> >some tests and spending some time on the documentation...
> >
> >For example the request is like : wget http://foo.bar.com/ and I want to
> >block this request because it contains the words foo.bar.com
> >
> >I try to use reqideny command like : reqideny
> >^HOST:\foo\.bar\.com.*$,
>
> Please try:
>
> reqideny ^HOST: foo\.bar\.com
While this works on both 1.2 and 1.3, I would recommend switching to the ACLs for this (and they are faster BTW). You can do :
acl bad_host hdr(host) -i foo.bar.com foo2.bar.com foo3.bar.com acl bad_host hdr(host) -i foo4.bar.com foo5.bar.com foo6.bar.com block if bad_host
You can also match on domain suffixes, and combine them with other conditions, such as source networks (eg: allow your test client but noone else).
Regards,
Willy
Received on 2008/09/02 22:26
This archive was generated by hypermail 2.2.0 : 2008/09/02 22:30 CEST