HAProxy ACL whitelist IPs CIDR notation

I have an HAProxy load balancer, and I want to allow access only from certain IPs. I know how to do this using regular notation:

acl is_ip_allowed src 173.245.48.1
http-request deny if !is_ip_allowed

But it does not work when I use CIDR notation:

acl is_ip_allowed src 173.245.48.0/20
http-request deny if !is_ip_allowed

If I read the HAProxy documentation correctly, this should be possible:

IPv4 addresses values can be specified either as plain addresses or with a netmask appended, in which case the IPv4 address matches whenever it is within the network. Plain addresses may also be replaced with a resolvable host name, but this practice is generally discouraged as it makes it more difficult to read and debug configurations. If hostnames are used, you should at least ensure that they are present in /etc/hosts so that the configuration does not depend on any random DNS match at the moment the configuration is parsed.

But unfortunately, it does not work. Am I missing something?

I found the answer after consulting a colleague.

http-request deny if !{ src 173.245.48.0/20 }

So removing the ACL and putting the CIDR range in the if condition works.
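
An added example, not part of the original post and not HAProxy code: a small Python model of the `src` matching rule quoted above from the documentation, useful for checking which client addresses each rule on this page would deny before testing against the load balancer. It handles only literal addresses and the two `http-request deny` forms shown here; the function and constant names are hypothetical.

```python
import ipaddress
import re

# Constructed configs: the two CIDR forms from this page plus the plain-address form.
NAMED = "acl is_ip_allowed src 173.245.48.0/20\nhttp-request deny if !is_ip_allowed\n"
ANON = "http-request deny if !{ src 173.245.48.0/20 }\n"
PLAIN = "acl is_ip_allowed src 173.245.48.1\nhttp-request deny if !is_ip_allowed\n"

def parse_src(values):
    """Plain address -> single-host network; address/mask -> that network."""
    return [ipaddress.ip_network(v, strict=False) for v in values.split()]

def load_deny_rules(config_text):
    """Return one allow-list (list of networks) per 'deny if !...' rule."""
    acls, rules = {}, []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if m := re.fullmatch(r"acl\s+(\S+)\s+src\s+(.+)", line):
            # Repeated declarations of one name add up to a single list here.
            acls.setdefault(m.group(1), []).extend(parse_src(m.group(2)))
        elif m := re.fullmatch(r"http-request\s+deny\s+if\s+!\{\s+src\s+(.+?)\s+\}", line):
            rules.append(parse_src(m.group(1)))
        elif m := re.fullmatch(r"http-request\s+deny\s+if\s+!(\S+)", line):
            if m.group(1) not in acls:
                raise ValueError(f"undeclared ACL: {m.group(1)}")
            rules.append(acls[m.group(1)])
        else:
            raise ValueError(f"unsupported line in this model: {line!r}")
    return rules

def is_denied(client_ip, config_text):
    """True if any rule denies the client (its address is in none of the networks)."""
    addr = ipaddress.ip_address(client_ip)
    return any(not any(addr in net for net in nets)
               for nets in load_deny_rules(config_text))

if __name__ == "__main__":
    for ip in ("173.245.48.1", "173.245.63.255", "173.245.64.0"):
        print(ip, {name: is_denied(ip, cfg)
                   for name, cfg in (("named", NAMED), ("anon", ANON), ("plain", PLAIN))})
```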