Showing posts from July 2022

haproxy ssh filter

https://www.haproxy.com/blog/route-ssh-connections-with-haproxy/

Restrict clients to SSH only

Currently, we are routing SSH communication through HAProxy to backend servers. It's possible that a client could try to connect using the wrong protocol, such as trying to connect using a web browser. Although the backend servers will rebuff these connections, you could stop them at the HAProxy layer. Add the following lines to your frontend section to check whether the connection is SSH and reject it otherwise:

    frontend fe_ssh
        # ...other settings...
        tcp-request inspect-delay 5s
        acl valid_payload req.payload(0,7) -m str "SSH-2.0"
        tcp-request content reject if !valid_payload
        tcp-request content accept if { req_ssl_hello_type 1 }
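The valid_payload ACL compares only the first 7 bytes the client sends. The sketch below is an added example, not code from the HAProxy blog or this post: it models that comparison offline next to the RFC 4253 identification-string format, so you can see which first payloads the ACL passes and which it drops. Function names and sample payloads are constructed for illustration.

```python
# Added example: offline model of the valid_payload ACL. This is not HAProxy code.
import re

PREFIX = b"SSH-2.0"        # string from the ACL on this page
OFFSET, LENGTH = 0, 7      # arguments of req.payload(0,7)

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
# Version fields are printable US-ASCII without whitespace or '-'.
IDENT_RE = re.compile(rb"^SSH-([!-,.-~]+)-([!-,.-~]+)(?: ([^\r\n]*))?\r?\n")

def acl_valid_payload(first_bytes: bytes) -> bool:
    """Same comparison as the ACL: exact match on 7 bytes at offset 0."""
    return first_bytes[OFFSET:OFFSET + LENGTH] == PREFIX

def parse_ident(first_bytes: bytes):
    """Return (protoversion, softwareversion), or None if not an ident line."""
    m = IDENT_RE.match(first_bytes[:255])   # ident line is at most 255 bytes
    return (m.group(1).decode(), m.group(2).decode()) if m else None

def triage(first_bytes: bytes) -> dict:
    """Compare the coarse prefix check with a full ident-line parse."""
    match, ident = acl_valid_payload(first_bytes), parse_ident(first_bytes)
    return {
        "acl_match": match,
        "ident": ident,
        # Passes the prefix check but is not a well-formed SSH ident line;
        # the backend sshd still has to rebuff these.
        "prefix_only": match and ident is None,
    }

# Constructed sample payloads (first bytes a client might send).
SAMPLES = {
    "openssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "ssh1.99": b"SSH-1.99-legacy\r\n",
    "http": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "tls_hello": bytes.fromhex("160301002e0100002a0303"),
    "short": b"SSH-2",              # fewer than 7 bytes cannot match
    "prefix_only": b"SSH-2.0 junk without version\r\n",
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:12} {triage(payload)}")
```

The ACL is a wrong-protocol filter at the proxy layer; the last sample shows why the backend's own SSH handshake validation remains the actual gate.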