Merge branch 'v36'

SURFscz · Oct 1, 2024 · d3048a9 · d3048a9
2 parents e4defc6 + 086cc77
commit d3048a9
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/roles/lb_haproxy/defaults/main.yml b/roles/lb_haproxy/defaults/main.yml
@@ -21,3 +21,6 @@ haproxy_ldap_acl_group: "aclsync_config"
 haproxy_state_file: "/var/lib/haproxy/state"
 
 haproxy_socket_group: "haproxy_admins"
+
+haproxy_internal_hosts:
+  - "10.0.0.0/8"
diff --git a/roles/lb_haproxy/templates/haproxy.cfg.j2 b/roles/lb_haproxy/templates/haproxy.cfg.j2
@@ -102,7 +102,7 @@ frontend fe_https
     acl url_static path_beg /api/images
     http-request track-sc1 url32+src table proxy_req_rates unless url_static
     acl exceeds_limit sc_gpc0_rate(0) gt 50
-    acl network_allowed src {{ iprange.internal }}
+    acl network_allowed src -- {{ haproxy_internal_hosts | join(' ') }}
     http-request sc-inc-gpc0(0) if { sc_http_req_rate(1) eq 1 } !exceeds_limit
     http-request deny deny_status 429 if exceeds_limit !network_allowed
 {% endif %}
@@ -156,7 +156,7 @@ listen {{name}}
                     "green" if "green" in groups and be_server in groups["green"] else
                     "server" -%}
     {% set server_name = "{}-{}".format(colour, loop.index) -%}
-    server {{server_name}} {{be_server}}:{{host.backend_port}} ssl check weight 10 {% if loop.index==1 %}on-marked-up shutdown-backup-sessions{%else%}backup{%endif%}
+    server {{server_name}} {{be_server}}:{{host.backend_port}} ssl check weight 10 {% if loop.index==1 %}on-marked-up shutdown-backup-sessions{% else %}backup{% endif %}
 
     {% endfor %}