You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello.
My haproxy ingress is published in internet.
For services and ingresses that are explicitly defined I'm able to limit access by IP/request path etc...
But default backend is opened without limitation.
So everyone can just query my IP without hostname and request non-existennt files or try to test exploits.
I tried to add strict_sni option to global object like that
I expect that option will be added to default https frontend actually it was added to stats frontend.
I also cannot find a way to add backend-config-snippet to default backend so I would be able to define custon deny rules inside.
So question is how to correcly protect default backend from unlegitimate requests?
The text was updated successfully, but these errors were encountered:
Hello.
My haproxy ingress is published in internet.
For services and ingresses that are explicitly defined I'm able to limit access by IP/request path etc...
But default backend is opened without limitation.
So everyone can just query my IP without hostname and request non-existennt files or try to test exploits.
I tried to add strict_sni option to global object like that
I expect that option will be added to default https frontend actually it was added to stats frontend.
I also cannot find a way to add backend-config-snippet to default backend so I would be able to define custon deny rules inside.
So question is how to correcly protect default backend from unlegitimate requests?
The text was updated successfully, but these errors were encountered: