haproxy ssh filter

 HAPROXY SSH FILTER


https://www.haproxy.com/blog/route-ssh-connections-with-haproxy/

Restrict clients to SSH only

Currently, we are routing SSH communication through HAProxy to backend servers. It’s possible that a client could try to connect using the wrong protocol, such as trying to connect using a web browser. Although the backend servers will rebuff these connections, you could stop them at the HAProxy layer. Add the following lines your frontend section to check whether the connection is SSH and reject it otherwise:

frontend fe_ssh
# ...other settings...
tcp-request inspect-delay 5s
acl valid_payload req.payload(0,7) -m str "SSH-2.0"
tcp-request content reject if !valid_payload
tcp-request content accept if { req_ssl_hello_type 1 }

댓글

이 블로그의 인기 게시물

remove bluebirds.exe , virtual drive

4,5,6 띠 저항의 색띠를 읽는 법(띠저항 값)

수지에서 인천공항 리무진 버스 (인천공항버스정보)(2022년3월업데이트)