haproxy利用ACL规则封禁自定义IP地址拒绝访问
Posted BigBao的博客
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了haproxy利用ACL规则封禁自定义IP地址拒绝访问相关的知识,希望对你有一定的参考价值。
现在有一个需求就是在发版的时候希望除公司IP外的外网访问服务的时候都是拒绝访问的
现在利用haproxy 的acl规则作出限制
errorfile 403 /etc/haproxy/errfile/403.http
acl url_bao hdr(Host) -i bao.doyoulicai.com acl kongzhong_src src 222.73.17.25 222.73.17.24 http-request deny if url_jr !kongzhong_src use_backend bao.doyoulicai.com if url_bao backend bao.doyoulicai.com balance roundrobin option httpchk GET /test HTTP/1.0 server 10.9.6.18:6011 10.9.6.18:6011 check inter 60000 rise 2 fall 5 weight 10
按照这样设置的话就可以实现当除222.73.17.25 222.73.17.24以外的其他IP地址访问bao.doyoulicai.com的时候都直接拒绝访问403页面
然后现在自定义一下403页面
[[email protected]_ha_nginx errfile]# cat 403.http HTTP/1.0 403 Forbidden Cache-Control: no-cache Connection: close Content-Type: text/html <!DOCTYPE html> <html> <head> <meta charset="UTF-8"> <title></title> <!--<link rel="stylesheet" href="/static/css/new_error.css">--> <style> *{ margin:0; padding:0; } body{ background-color: #f3f3f3; } .content{ width:380px; height:400px; position:absolute; top:50%; left:50%; transform: translate(-50%,-50%); } .content .main{ z-index: 5; position:relative; } .content .main .post{ position:absolute; top:100px; left:40px; width:11px; height:99px; border:3px solid #959595; border-radius: 5px; border-bottom: none; } .content .main .post2{ left:112px; } .content .main .tops{ position:absolute; top:108px; left:16px; width:134px; height:25px; border:3px solid #959595; border-radius: 5px; z-index: 3; background-color: #FFFFFF; } .content .main .tops i{ display: block; width:37px; height:2px; position:absolute; top:11px; left:4px; background-color: #959595; transform: rotate(-43deg); } .content .main .tops i.i1{ left:33px; } .content .main .tops i.i2{ left:62px; } .content .main .tops i.i3{ left:92px; } .content .main .foot{ position:absolute; top:199px; left:33px; width:24px; height:7px; border:3px solid #959595; border-radius: 5px; background-color: #f3f3f3; } .content .main .foot2{ left:105px; } /*STOP*/ .content .stops{ z-index: 5; position:relative; } .content .stops .big{ position:absolute; top:-30px; left:163px; width:112px; height:112px; border:3px solid #959595; border-radius: 50%; background-color:#fff; } .content .stops .big .min{ position:absolute; top:8px; left:8px; width:90px; height:90px; border:3px solid #959595; border-radius: 50%; font:bold 24px/90px "微软雅黑"; text-align: center; color:#666666; background-color:#fff; } .content .stops .middle{ position:absolute; top:87px; left:210px; width:15px; height:111px; border:3px solid #959595; border-bottom: none; border-top: none; } .content .stops .foots{ position:absolute; top:198px; left:205px; width:24px; height:7px; border:3px solid #959595; border-radius: 4px; } .content h2{ z-index: 3; width:600px; position:absolute; top:230px; left:-41px; font:30px/80px "微软雅黑"; color:#666; } /*帽子*/ .content .cap{ position:relative; } .content .cap .left{ z-index: 3; position:absolute; top:181px; left:126px; width:61px; height:3px; background-color: #959595; transform: rotate(-71deg); } .content .cap .right{ z-index: 3; position:absolute; top:181px; left:145px; width:61px; height:3px; background-color: #959595; transform: rotate(71deg); } .content .cap .round{ z-index: 3; position:absolute; top:116px; left:135px; width:62px; height:62px; border:2px solid #959595; border-radius: 50%; border-top: none; border-right:none; border-left: none; } .content .cap .round2{ z-index: 3; width:162px; height:162px; top:31px; left:86px; } .content .cap .round3{ z-index: 2; width:200px; height:200px; top:12px; left:66px; background-color:#f3f3f3; } .content .cap .just{ position:absolute; top:-15px; left:150px; width:200px; height:200px; background-color: #f3f3f3; z-index: 4; transform: rotate(71deg); } .content .cap .just2{ top:-15px; left:-17px; transform: rotate(-71deg); } .content .cap .foots{ z-index: 1; position:absolute; top:199px; left:144px; width:37px; height:37px; border-radius: 5px; /*transform: skew(30deg,30deg);*/ border:3px solid #959595; transform: rotate(38deg) skew(-34deg,-13deg); } </style> </head> <body> <div class="content"> <div class="main"> <!--立柱子两个--> <div class="post"></div> <div class="post post2"></div> <!--横柱子--> <div class="tops"> <i></i> <i class="i1"></i> <i class="i2"></i> <i class="i3"></i> </div> <!--脚底--> <div class="foot"></div> <div class="foot foot2"></div> </div> <!--帽子--> <div class="cap"> <!--<div class="skews"></div>--> <!--左边横线--> <div class="left"></div> <!--右边横线--> <div class="right"></div> <!--三个圆--> <div class="round"></div> <div class="round round2"></div> <div class="round round3"></div> <!--两个正方形做遮盖--> <div class="just"></div> <div class="just just2"></div> <!--帽子的底部--> <div class="foots"></div> </div> <!--stop--> <div class="stops"> <div class="big"> <div class="min"> STOP </div> </div> <div class="middle"></div> <div class="foots"></div> </div> <!--文字--> <h2>哎呀!服务器停机维护中...</h2> </div> </body> </html>
以上是关于haproxy利用ACL规则封禁自定义IP地址拒绝访问的主要内容,如果未能解决你的问题,请参考以下文章