Commit 1a3288d2 authored by jurgenhaas's avatar jurgenhaas

SV-50578 Implement blacklist for haproxy

parent f526ab51
default_proxy: ''
proxy_default_backend: ''
proxy_blacklist_ips: []
......@@ -67,3 +67,12 @@
hour='*'
minute='*/1'
job='/etc/haproxy/update/update.sh >/dev/null 2>&1'
- name: "Proxy | Update blacklist"
template: src=blacklist
dest=/etc/haproxy/blacklist
owner=root
group=root
mode=644
when: scope == 'all'
notify: 'Proxy | Restart HAProxy'
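Review bot: The blacklist file is only written when `scope == 'all'`, but the haproxy.cfg hunks in this commit load `/etc/haproxy/blacklist` unconditionally with `-f`. If the config is ever deployed on a run where this task is skipped and the file does not exist yet, HAProxy will most likely refuse to load the configuration. The task that deploys haproxy.cfg is not visible here, so please confirm that it carries the same condition, or drop the `when` so the file always exists. A changed blocklist only needs a reload, so notifying a reload handler instead of 'Proxy | Restart HAProxy' would avoid dropping established connections on every update. Writing the mode as `mode=0644` would also make the octal intent explicit.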
{% for line in hostvars[item]['proxy_blacklist_ips'] %}
{{line}}
{% endfor %}
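Review bot: `hostvars[item]` depends on a loop variable that the "Proxy | Update blacklist" task shown in this commit never defines, since it has no `with_items`. Rendering would then fail on an undefined `item`, and even with a task-level loop each iteration would overwrite the same `/etc/haproxy/blacklist`. Iterating inside the template, as haproxy.cfg already does, collects every host's entries into one file: `{% for host in groups['all'] %}` around `{% for line in hostvars[host]['proxy_blacklist_ips'] | default([]) %}`, with a matching extra `{% endfor %}`. The `default([])` covers hosts whose hostvars do not include the role default. The entries are written unvalidated, and an unparsable line in an ACL pattern file stops HAProxy from loading its configuration, so a check that each value is an address or CIDR before rendering would keep a typo in inventory from taking the proxy down.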
......@@ -43,6 +43,8 @@ listen stats 127.0.0.1:7000
frontend http-in
bind *:80
acl blockedip src -i -f /etc/haproxy/blacklist
http-request deny if blockedip
{% for host in groups['all'] %}
{% if hostvars[host]['proxy_redirect'] %}
{% for redirect in hostvars[host]['proxy_redirect'] %}
......@@ -67,6 +69,8 @@ frontend http-in
frontend https-in
bind :443 ssl crt /etc/haproxy/certs/s-verein.de.pem no-sslv3
acl blockedip src -i -f /etc/haproxy/blacklist
http-request deny if blockedip
{% for host in groups['all'] %}
{% if hostvars[host]['proxy_redirect'] %}
{% for redirect in hostvars[host]['proxy_redirect'] %}
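Review bot: In `https-in` the block is enforced with `http-request deny`, which runs only after the TLS handshake, so a blacklisted address still costs handshake CPU and receives a 403 response. For a source-address blocklist, `tcp-request connection reject if blockedip` in both frontends drops the connection at accept time and is the cheaper control against abusive clients. The `-i` flag on `acl blockedip src -i -f /etc/haproxy/blacklist` has no effect on address matching and can be removed. `src` is the TCP peer, so if a CDN or another balancer ever sits in front of this proxy the ACL would match that hop rather than the client; that deployment detail is not visible in this commit. Both frontend bodies continue outside the hunks.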