Using HAProxy ACL rules to deny access by IP address

Posted by BigBao's blog


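The requirement: during a release, any access to the service from the public internet should be denied unless it comes from the company's IP addresses.

HAProxy ACL rules are used to enforce this restriction.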

errorfile       403 /etc/haproxy/errfile/403.http

# Match requests for this site by Host header
acl url_bao hdr(Host) -i bao.doyoulicai.com
# Company IP addresses that stay allowed
acl kongzhong_src src 222.73.17.25 222.73.17.24
# Deny requests for the site that do not come from an allowed IP
http-request deny if url_bao !kongzhong_src
use_backend bao.doyoulicai.com if url_bao

backend bao.doyoulicai.com
    balance roundrobin
    option httpchk GET /test HTTP/1.0
    server 10.9.6.18:6011 10.9.6.18:6011 check inter 60000 rise 2 fall 5 weight 10

With this configuration, a request for bao.doyoulicai.com from any IP address other than 222.73.17.25 and 222.73.17.24 is denied directly and receives the 403 page.

Next, customize the 403 page.

[[email protected]_ha_nginx errfile]# cat 403.http 
HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<!DOCTYPE html>
<html>
	<head>
		<meta charset="UTF-8">
		<title></title>
        <!--<link rel="stylesheet" href="/static/css/new_error.css">-->
        	<style>
        		*{
				margin:0;
				padding:0;
			}
			body{
				background-color: #f3f3f3;
			}
			.content{
				width:380px;
				height:400px;
				position:absolute;
			    top:50%;
				left:50%;
				transform: translate(-50%,-50%);
			}
			.content .main{
				z-index: 5;
				position:relative;
			}
			.content .main .post{
				position:absolute;
				top:100px;
				left:40px;
				width:11px;
				height:99px;
				border:3px solid #959595;
				border-radius: 5px;
				border-bottom: none;
			}
			.content .main .post2{
				left:112px;
			}
			.content .main .tops{
				position:absolute;
				top:108px;
				left:16px;
				width:134px;
				height:25px;
				border:3px solid #959595;
				border-radius: 5px;
				z-index: 3;
				background-color: #FFFFFF;
			}
			.content .main .tops i{
				display: block;
				width:37px;
				height:2px;
				position:absolute;
				top:11px;
				left:4px;
				background-color: #959595;
				transform: rotate(-43deg);
			}
			.content .main .tops i.i1{
				left:33px;
			}
			.content .main .tops i.i2{
				left:62px;
			}
			.content .main .tops i.i3{
				left:92px;
			}
			.content .main .foot{
				position:absolute;
				top:199px;
				left:33px;
				width:24px;
				height:7px;
				border:3px solid #959595;
				border-radius: 5px;
				background-color: #f3f3f3;
			}
			.content .main .foot2{
				left:105px;
			}
			
			/*STOP*/
			.content .stops{
				z-index: 5;
				position:relative;				
			}
			.content .stops .big{
				position:absolute;
				top:-30px;
				left:163px;
				width:112px;
				height:112px;
				border:3px solid #959595;
				border-radius: 50%;
				background-color:#fff;
			}
			.content .stops .big .min{
				position:absolute;
				top:8px;
				left:8px;
				width:90px;
				height:90px;
				border:3px solid #959595;
				border-radius: 50%;
				font:bold 24px/90px "微软雅黑";
				text-align: center;
				color:#666666;
				background-color:#fff;
			}
			.content .stops .middle{
				position:absolute;
				top:87px;
				left:210px;
				width:15px;
				height:111px;
				border:3px solid #959595;
				border-bottom: none;
				border-top: none;
			}
			.content .stops .foots{
				position:absolute;
				top:198px;
				left:205px;
				width:24px;
				height:7px;
				border:3px solid #959595;
				border-radius: 4px;
			}
			.content h2{
				z-index: 3;
				width:600px;
				position:absolute;
				top:230px;
				left:-41px;
				font:30px/80px "微软雅黑";
				color:#666;
			}
			
			/*cap*/
			.content .cap{
				position:relative;
				
			}
			.content .cap .left{
				z-index: 3;
				position:absolute;
				top:181px;
				left:126px;
				width:61px;
				height:3px;
				background-color: #959595;
				transform: rotate(-71deg);
			}
			.content .cap .right{
				z-index: 3;
				position:absolute;
				top:181px;
				left:145px;
				width:61px;
				height:3px;
				background-color: #959595;
				transform: rotate(71deg);
			}
			.content .cap .round{
				z-index: 3;
				position:absolute;
				top:116px;
				left:135px;
				width:62px;
				height:62px;
				border:2px solid #959595;
				border-radius: 50%;
				border-top: none;
				border-right:none;
				border-left: none;				
			}
			.content .cap .round2{
				z-index: 3;
				width:162px;
				height:162px;
				top:31px;
				left:86px;
			}
			.content .cap .round3{
				z-index: 2;
				width:200px;
				height:200px;
				top:12px;
				left:66px;
				background-color:#f3f3f3;
			}
			.content .cap .just{
				position:absolute;
				top:-15px;
				left:150px;
				width:200px;
				height:200px;
				background-color: #f3f3f3;
				z-index: 4;
				transform: rotate(71deg);
			}
			.content .cap .just2{
				top:-15px;
				left:-17px;
				transform: rotate(-71deg);
			}
			.content .cap .foots{
				z-index: 1;
				position:absolute;
				top:199px;
				left:144px;
				width:37px;
				height:37px;
				border-radius: 5px;
				/*transform: skew(30deg,30deg);*/
				border:3px solid #959595;
				transform: rotate(38deg) skew(-34deg,-13deg);
			}
        	</style>
	</head>
	<body>
		<div class="content">
			<div class="main">
				<!--two vertical posts-->
				<div class="post"></div>
				<div class="post post2"></div>
				<!--horizontal bar-->
				<div class="tops">
					<i></i>
					<i class="i1"></i>
					<i class="i2"></i>
					<i class="i3"></i>
				</div>
				<!--feet-->
				<div class="foot"></div>
				<div class="foot foot2"></div>
			</div>
			<!--cap-->
			<div class="cap">
				<!--<div class="skews"></div>-->
				<!--left line-->
				<div class="left"></div>
				<!--right line-->
				<div class="right"></div>
			 <!--three circles-->
			    <div class="round"></div>
			    <div class="round round2"></div>
			    <div class="round round3"></div>
			    <!--two squares used as masks-->
			    <div class="just"></div>
			    <div class="just just2"></div>
			    <!--bottom of the cap-->
			    <div class="foots"></div>
			</div>
			<!--stop-->
			<div class="stops">
				<div class="big">
					<div class="min">
						STOP
					</div>
				</div>
				<div class="middle"></div>
				<div class="foots"></div>
			</div>
			
			<!--text-->
			<h2>哎呀!服务器停机维护中...</h2>
		</div>
	</body>
</html> 
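
An added example, not part of the original post: a small Python check for an errorfile like the 403.http above. HAProxy returns the file verbatim as the whole HTTP response, so it needs a valid status line and headers, should fit in the buffer (16384 bytes is assumed here as the default `tune.bufsize`), and should not reference same-site resources, because a client blocked by the ACL would be denied those requests too. The name `check_errorfile` and the sample inputs are constructed for illustration.

```python
import re

BUFSIZE = 16384  # assumption: HAProxy's default tune.bufsize; adjust if you changed it

def check_errorfile(raw: bytes, code: int = 403, bufsize: int = BUFSIZE) -> list[str]:
    """Return a list of problems found in a raw HAProxy errorfile (empty = OK)."""
    problems = []
    if len(raw) > bufsize:
        problems.append(f"file is {len(raw)} bytes, larger than bufsize {bufsize}")
    # Headers end at the first blank line (CRLF or bare LF line endings).
    m = re.search(rb"\r?\n\r?\n", raw)
    if not m:
        return problems + ["no blank line separating headers from body"]
    head, body = raw[:m.start()], raw[m.end():]
    lines = head.decode("latin-1").splitlines()
    status = re.fullmatch(r"HTTP/1\.[01] (\d{3}) .*", lines[0]) if lines else None
    if not status:
        problems.append("first line is not an HTTP status line")
    elif int(status.group(1)) != code:
        problems.append(f"status line says {status.group(1)}, expected {code}")
    for h in lines[1:]:
        if not re.fullmatch(r"[A-Za-z0-9-]+:.*", h):
            problems.append(f"malformed header line: {h!r}")
    # Drop commented-out markup, then look for same-site src/href references:
    # a denied client would request them and be denied again.
    html = re.sub(rb"<!--.*?-->", b"", body, flags=re.S)
    for ref in re.findall(rb"""(?:src|href)\s*=\s*["'](/(?!/)[^"']*)["']""", html):
        problems.append(f"body references local resource {ref.decode()!r}")
    return problems

# Constructed samples modelled on the 403.http shown above.
GOOD = (b"HTTP/1.0 403 Forbidden\r\nCache-Control: no-cache\r\n"
        b"Connection: close\r\nContent-Type: text/html\r\n\r\n"
        b"<html><head>"
        b"<!--<link rel=\"stylesheet\" href=\"/static/css/new_error.css\">-->"
        b"<style>body{background-color:#f3f3f3}</style></head>"
        b"<body><h2>STOP</h2></body></html>")
# Same file with the stylesheet link uncommented and the wrong status code.
BAD = (GOOD.replace(b"<!--", b"").replace(b"-->", b"")
           .replace(b"403 Forbidden", b"200 OK"))

if __name__ == "__main__":
    print(check_errorfile(GOOD))
    print(check_errorfile(BAD))
```
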
