Score:0

Make domains available only from internal network or VPN


I am using HAProxy and serve different services through it and add a TLS certificate for all my services in the internal network. Some of my networks I want to make accessible through a domain like internal.example.com; others should be accessible from outside as well, i.e. external.example.com.

How do I achieve this? Is the src ACL the right command for this? I tried with the following config but everything is still available from inside of the network and from outside.

frontend https
    mode tcp
    option tcplog
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem
    acl tls req.ssl_hello_type 1
    acl white_list src 127.0.0.1 <my_external_ip> # let's assume this would be a real public ip.
    tcp-request inspect-delay 5s
    tcp-request content accept if tls


    # External
    acl host_server_server1 ssl_fc_sni -i external.example.com
    use_backend http_server_server1 if host_server_server1

    # Internal
    acl host_server_server2 ssl_fc_sni -i internal.example.com
    use_backend http_server_server2 if host_server_server2 white_list


backend http_server_server1
    mode http
    option forwardfor
    server server1 server1:3000
    
backend http_server_server2
    mode http
    option forwardfor
    server server2 server2:3000
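
One way to express the restriction asked about, as an added example that is not part of the original post: it assumes HAProxy terminates TLS (as the `bind ... ssl` line in the question does) and that internal and VPN clients reach HAProxy with their own addresses. The source ranges and the ACL names `from_internal`, `host_external` and `host_internal` are assumptions made for illustration.

```haproxy
# Added example; the source ranges below are constructed placeholders.
frontend https
    # "bind ... ssl" makes HAProxy terminate TLS, so rules can run in HTTP mode
    mode http
    option httplog
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem

    # Peer addresses treated as internal: loopback, LAN, VPN pool (assumed values).
    # src is the address HAProxy itself sees; behind NAT or another proxy,
    # every client shares that device's address.
    acl from_internal src 127.0.0.1 192.168.0.0/16 10.8.0.0/24

    # Match on the Host header (port suffix stripped), which the backend receives
    acl host_external req.hdr(host),field(1,:) -i external.example.com
    acl host_internal req.hdr(host),field(1,:) -i internal.example.com

    # Refuse the internal name explicitly for any other source
    http-request deny deny_status 403 if host_internal !from_internal

    use_backend http_server_server1 if host_external
    use_backend http_server_server2 if host_internal from_internal

backend http_server_server1
    mode http
    option forwardfor
    server server1 server1:3000

backend http_server_server2
    mode http
    option forwardfor
    server server2 server2:3000
```

Requests for any other hostname match no `use_backend` rule and, with no `default_backend` defined, receive HAProxy's 503 response.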