Pfsense haproxy6/23/2023 You might ask yourself: how should I create the encrypted passwords? Please leave the “ Condition acl names” empty. We create a “ Action” as “ http-request auth” with the “ realm:” vale of “ realm UserGroup unless BackendAccess”. In my Example I use a “ Access Control list” as “ Custom acl” with the name “ BackendAccess” and the Value “ http_auth(UserGroup)” You can do this for a Frontend and/or Backend: Now modify your Access control lists and actions. Please note the following: Always put the userlist to the end of you custom options! Paste the snippet above to the custom options on the HAProxy settings: User User2 insecure-password YourInsecurePasswordStringHereĪgain: I highly recommend to use encrypted passwords! My example will use SHA-512 encrypted passwords. User User1 insecure-password YourInsecurePasswordStringHere Same as above with plain text passwords: userlist UserGroup Sample of a userlist with the name UserGroup userlist UserGroup If you really know what you are doing: You can use plain text passwords here as well, but they are stored as plain text within the config files and can not recommend to do so! You can use DES, MD5, SHA-256, and SHA-512 encrypted passwords. He was wrong: It is possible, but the process is not directly implemented within the UI.īased on the HAProxy documentation, create a UserList. I want to protect a backend Server with basic authentication, and this is not working with the pfSense package of HAProxy. The only thing you might miss: A nice Web GUI! I also like the Open Source Firewall pfSense a lot! Best of all: There is a HAProxy package for pfSense that provide a nice Web UI. It’s reliable and flexible Open Source Load Balancer for TCP and HTTP. I’m a big fan of HAProxy and I try to use it whenever possible. HowTo User Authentication with HAProxy on pfSense Dec 26, 2018
0 Comments
Leave a Reply. |