Apply a 16 or 56 bit mask to source IP addresses

This commit is contained in:
genofire 2020-10-03 04:00:30 +02:00
parent dd16e9281d
commit 6031ddc028
2 changed files with 3 additions and 0 deletions

View File

@ -2,5 +2,7 @@ frontend http
log global log global
bind ${BIND_V4}:80 bind ${BIND_V4}:80
bind ${BIND_V6}:80 bind ${BIND_V6}:80
http-request set-src src,ipmask(16,56)
use_backend %[req.hdr(host),lower,map(/usr/local/etc/haproxy/http.map)] use_backend %[req.hdr(host),lower,map(/usr/local/etc/haproxy/http.map)]

View File

@ -3,6 +3,7 @@ frontend sni
mode tcp mode tcp
option tcplog option tcplog
tcp-request inspect-delay 5s tcp-request inspect-delay 5s
tcp-request connection set-src src,ipmask(16,56)
tcp-request content accept if { req_ssl_hello_type 1 } tcp-request content accept if { req_ssl_hello_type 1 }
bind ${BIND_V4}:443 bind ${BIND_V4}:443