How to create and manage blacklist for HAProxy

About blacklists

When an IP address is blacklisted, the traffic coming from this IP is dropped regardless the TCP port filtering policies.

The blacklist as well as the whitelist cannot include more than 512 different class C networks.

Go to TOP

Create blacklist

With Roxy-WI you can created and manage blacklists and whitelists via the web panel.

For creating blacklists go to the HAProxy -> Lists page, enter the ame of a new black list and press "Create":

Go to TOP

Edit blacklist

After reloading the page you will see the blacklist in the "Existing blacklists"(in the blue box). Select a server for uploading (in the black box), press the name of the list to open and edit it. Fill it withs IPs and press "Just save"(in the green box) to avoid unnecessary reboots of the HAProxy service.

Go to TOP

Add blacklist to HAProxy config

After you have finished editing the blacklist go to the "Add proxy" page and select a type of proxy you would like to create. In our example it will be Frontend, so we press "Create HTTP frontend". After the tab opens press "Show Advanced settings" and you will see the dditional settings. Check the "blacklist" checkbox in the "WAF" section and start typing name of the blacklist you have just created:

Select the blacklist, fill in all necessary fields and press the "Add Frontend" button. Do not forget to restart the HAProxy service.

Go to TOP

Dynamic editing lists

You can also edit your lists via the console without using the HAProxy WI. In this case you need to restart the HAProxy service after saving the changes. This, however, may not be convenient, especially if you have many HAProxy services.

Due to these reasons Roxy-WI allows toe edit lists via the web panel without restarting HAProxy services and keeps the changes persistently. Your customers will even not know about any changes =^.^=.

To do this go to Runtime API -> Lists, select a server and you will see blacklists currently used in the HAProxy config(in the black box).

Press the "Get list" button and you will see contents of of the selected list. You can add and delete IP as it is shown on the picture below.These changes will take effect immediately. Roxy-WI will also edit the blacklist so that your changes be saved on the next restart.

Go to TOP

Was this article helpful?

Yes, thanks!
Go back