Score:0

HAProxy ACLs to allow SSH git operations to only selected git repositories / project URLs (block all other repos)

rgh

I have Bitbucket Server serving SSH git traffic on port 7999, and it has an HAProxy for SSH port forwarding (HAProxy is only for a set of users from a secure network).

The requirement is to allow only selected projects/repos to be cloned using the SSH protocol, which has to pass through HAProxy on port 7999. Port forwarding is working; however, the ACL is not yet working.

The git SSH clone URL looks like:

git clone ssh://[email protected]:7999/project1/repo1.git

Question 1) Can this be achieved using HAProxy ACLs for SSH URIs?

Question 2) I am a beginner with HAProxy ACLs; how do I write an HAProxy rule that blocks all repos by default and allows only selected repos?

I tried deny if {path -i -m end reponame.git}; however, it did not succeed.

Seeking an example/guidance on how best we can achieve this using HAProxy.

Score:1

HAProxy doesn't terminate an SSH connection, so it is unable to look into paths. path can be matched only with HTTP requests (haproxy mode http).
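
The contrast described in the answer above, as an added configuration example that is not part of the original post or the answerer's own setup: the SSH listener in TCP mode can filter only on connection-level facts, while a path allow-list needs an HTTP-mode listener. All names, addresses, the certificate path, the Bitbucket HTTP port and the /scm/ URL layout are assumptions for illustration.

```haproxy
# Added example; every address, name and path here is a placeholder.

# SSH on 7999: HAProxy relays an encrypted TCP stream it does not terminate,
# so only connection-level facts (such as the client address) can be matched.
frontend bitbucket_ssh
    mode tcp
    bind :7999
    acl secure_net src 10.0.0.0/24                 # assumed secure network
    tcp-request connection reject unless secure_net
    # "path" is an HTTP sample fetch. SSH traffic is not an HTTP request,
    # so a condition like { path -i -m end reponame.git } has nothing to
    # match here and cannot select or block a repository.
    default_backend bitbucket_ssh_servers

backend bitbucket_ssh_servers
    mode tcp
    server bitbucket1 192.0.2.10:7999 check        # assumed Bitbucket address

# HTTP(S) clone traffic: HAProxy terminates TLS and parses the request,
# so a default-deny allow-list on the request path is possible.
frontend bitbucket_http
    mode http
    bind :443 ssl crt /etc/haproxy/certs/site.pem  # assumed certificate path
    # Assumed URL layout for HTTP clones: /scm/<project>/<repo>.git/...
    acl allowed_repo path_beg -i /scm/project1/repo1.git/
    # Everything that is not an allowed repository is refused, including
    # any other pages served through this listener.
    http-request deny unless allowed_repo
    default_backend bitbucket_http_servers

backend bitbucket_http_servers
    mode http
    server bitbucket1 192.0.2.10:7990 check        # assumed Bitbucket HTTP port
```

Per-repository restrictions for SSH clones have to be enforced where the SSH session is terminated, since that is the only place the requested repository is visible.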
