Hi all,
I'm planning to use haproxy for filtering connections behind, using a
whitelist file, like below.

    frontend Hybrid_Exchange_Connector_TCP_25
        timeout client 30m
        mode tcp
        bind 172.16.151.136:25 name SMTP
        # https://technet.microsoft.com/en-us/library/dn163583%28v=exchg.150%29.aspx
        tcp-request connection reject if !{ src -f /etc/haproxy/whitelist.lst }
        default_backend bk_Hybrid_Exchange_Connector_TCP_25

    backend bk_Hybrid_Exchange_Connector_TCP_25
        timeout server 30m
        timeout connect 5s
        mode tcp
        balance leastconn
        stick-table type ip size 20k
        stick on src
        default-server inter 5s fall 3 rise 2 on-marked-down shutdown-sessions
        server exch1 172.17.120.183 weight 10 check port 25 maxconn 1000
        server exch2 172.17.120.184 weight 10 check port 25 maxconn 1000

But if I try to connect from another IP that isn't in that whitelist
file, I'm still able to connect to the server behind for a few moments.
Is there a way to set haproxy in order to DENY/DROP connections, like
iptables does?
Thank you,
Marius
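
Added example, not part of the original post: a small offline check that evaluates the `reject if !{ src -f /etc/haproxy/whitelist.lst }` decision for given source addresses, so the list can be verified before it is deployed. The whitelist entries, the sample addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample contents for /etc/haproxy/whitelist.lst (documentation
# address ranges only; the real file from the post is not shown on the page).
SAMPLE_WHITELIST = """\
# constructed entries, one address or network per line
192.0.2.0/24
  198.51.100.25
203.0.113.0/255.255.255.128

2001:db8:10::/48
"""

def load_whitelist(text):
    """Parse a pattern file with one IP address or network per line.

    Blank lines and '#' comment lines are skipped and leading whitespace is
    stripped, as HAProxy does for pattern files loaded with -f.
    """
    networks = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            # strict=False accepts entries with host bits set, e.g. 10.1.2.3/8;
            # both /24 and /255.255.255.0 mask notations are understood.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad entry {entry!r}") from exc
    return networks

def decision(src, networks):
    """Return 'accept' or 'reject' for a client source address."""
    addr = ipaddress.ip_address(src)
    # An IPv4 address is never "in" an IPv6 network (and vice versa), so a
    # mixed-family list is evaluated safely.
    return "accept" if any(addr in net for net in networks) else "reject"

if __name__ == "__main__":
    nets = load_whitelist(SAMPLE_WHITELIST)
    for src in ("192.0.2.77", "198.51.100.25", "203.0.113.200", "2001:db8:10::1"):
        print(f"{src:>16} -> {decision(src, nets)}")
```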