haproxy ssh filter
HAPROXY SSH FILTER https://www.haproxy.com/blog/route-ssh-connections-with-haproxy/ Restrict clients to SSH only Currently, we are routing SSH communication through HAProxy to backend servers. It’s possible that a client could try to connect using the wrong protocol, such as trying to connect using a web browser. Although the backend servers will rebuff these connections, you could stop them at the HAProxy layer. Add the following lines your frontend section to check whether the connection is SSH and reject it otherwise: frontend fe_ssh # ...other settings... tcp-request inspect-delay 5s acl valid_payload req.payload( 0 , 7 ) -m str "SSH- 2.0 " tcp-request content reject if !valid_payload tcp-request content accept if { req_ssl_hello_type 1 } view raw