I would like to restrict access to my pastebin server (I'm using zerobin) so that untrusted IPs can only open secrets, but not create them.
(Note that the URL https://fakepastebin.com below is just an example for the sake of giving this question some context.)
Trusted IPs: allow access to https://fakepastebin.com (main page where they can generate secrets)
Non-trusted IPs: allow access only to secrets (e.g. https://fakepastebin.com/?29c6692368e9edc9#G4j8Y2w). Basically anything after https://fakepastebin.com/?*
Something like:
acl trusted-ip src -f /etc/haproxy/whitelist.lst
acl unprotected-pages path_beg ^/..*$
How do I make it so that the unprotected pages can be accessed by all IPs? I've never tried to limit the main page before, only sub-pages, so I'm unsure how to do this. Appreciate the feedback!
UPDATE:
With these in place I can now prevent untrusted IPs from going to the top level url:
acl url_my_app hdr_dom(Host) -i fakepastebin.com
acl top_level_uri path_reg ^/$
acl app-query query -m reg ^(pasteid=)*[0-9a-zA-Z]{16}$
http-request deny if url_my_app top_level_uri !app-query !trusted_ips
However, I noticed that if I browse to https://fakepastebin.com/foobahshshshhs it will redirect me to the top level uri and I can access it then, which is not what I want :( How can I get haproxy to deny untrusted IPs access to the top level uri https://fakepastebin.com?
Thanks
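
The policy described in the question, written as a default-deny rule set instead of a deny for one exact URL (an added example, not part of the original post and not ZeroBin's or HAProxy's own configuration). The hostname, whitelist path and query regex are taken from the question; the ACL names, the frontend and backend names, the static asset prefixes `/js/`, `/css/`, `/img/` and the GET/HEAD restriction are assumptions about the deployment.

```haproxy
# Added example. Place the acl/http-request lines in the frontend that serves the pastebin.
frontend fe_pastebin                      # hypothetical name; bind lines omitted
    acl url_my_app    hdr_dom(Host) -i fakepastebin.com
    acl trusted_ips   src -f /etc/haproxy/whitelist.lst

    # What an untrusted client may request:
    acl root_path     path -m str /
    acl app_query     query -m reg ^(pasteid=)*[0-9a-zA-Z]{16}$   # regex from the question
    acl static_asset  path_beg /js/ /css/ /img/    # assumed asset layout; adjust to the install
    acl read_method   method GET HEAD              # assumption: viewing a secret needs no POST

    # Untrusted clients may only read. This also blocks posting comments
    # on a paste, since that is a POST.
    http-request deny if url_my_app !trusted_ips !read_method

    # Untrusted clients get a static asset, or "/" with a paste-id query.
    # Everything else is denied, including unknown paths such as
    # /foobahshshshhs and "/" with no query or a malformed one.
    http-request deny if url_my_app !trusted_ips !static_asset !root_path
    http-request deny if url_my_app !trusted_ips !static_asset !app_query

    default_backend be_zerobin            # hypothetical name
```

The part after `#` in a secret URL is never sent to the server, so only the 16-character id in the query string is visible to HAProxy. Checking with `curl -I` from an address outside the whitelist should give 403 for `/` and for any unknown path, and 200 for `/?` followed by an existing id.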