Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Enforce Clint Certificat Verification with haproxy to internal sites
« previous
next »
Print
Pages: [
1
]
Author
Topic: Enforce Clint Certificat Verification with haproxy to internal sites (Read 3324 times)
hbau
Newbie
Posts: 1
Karma: 0
Enforce Clint Certificat Verification with haproxy to internal sites
«
on:
August 27, 2018, 01:37:00 pm »
Hi All,
I´ll be posting this question here at OPNSense Forum, because i think it belongs rather here and not in the haproxy forum, due to the OPNsense frontend configuration for haproxy.... (hope i`m right...)
I`m using the latest OPNSens Version 18.7.1 an for reverseproxying i`m using HAProxy Plugin Version (2.7_2).
On internal Severs i`m running different Applicatiopns with WebAcces wich i`m pubilishing throug haproxy plugin to the world. LetsEncrypt ssl termination at opnsens works fine, and i reach the internal App trough my path rules.
e.g.: Url:
https://FQDNS/App1
with Serverbackand: "Server1" using Rule (with condition path starts with) : "/App1" and URL
https://FQDNS/App2
with Serverbackand: "Serevr2" using Rule (with condition: path starts with) : "/App2"
Now i want to limit access only to clients wich present a valid client certificate.
I set up an internal CA. Issued a client certificate th a user, installed the client certificate in my browser.
I understand that haproxy dose that via the config switch "verify required" in the ssl ca settings. If i`m globaly switching that on trough the Global Parameters settings under the Settings tab. But i want to limit it only to certain apps...
If i`m configurating a condition under the "Rules&Checks" Tab " "SSL Client certificate is valid" what rule do i have to configure to use that condition?
I simply cant get OPNSense HAProxy to aks for the client certificate befor redirekting to one of the backend apps...
Anny suggestions?
Thanx
HBau
«
Last Edit: August 27, 2018, 04:48:50 pm by hbau
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Web Proxy Filtering and Caching
(Moderator:
fabian
) »
Enforce Clint Certificat Verification with haproxy to internal sites