
Feature request: ACL for backends

Open sigio opened this issue 7 years ago • 1 comments

Hi, I'm currently playing around with SNIProxy, using it with the following config:

table https_hosts {
    ^.*$ *:443
}

As in: proxy anything to the IPv6 address of the SNI name of connections coming in on IPv4 (the listen/bind is only on IPv4).

This way I don't have to update the config for every host/site that I need proxied. This means, however, that it is a somewhat open proxy.

It would be nice if there was a way to put an ACL on allowed backends, for example, to only allow traffic to a specific /64 subnet.

sigio avatar Aug 12 '18 16:08 sigio

I solved this problem by setting the resolver of sniproxy to my authoritative name server. That way, you can only proxy to hosts that are known to your name server.

jornane avatar Aug 13 '18 05:08 jornane
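The backend check requested in this issue, sketched as an added example (not sniproxy code and not from either commenter): given the addresses a name resolved to, allow the connection only if every one of them lies inside an allowed prefix. The prefix `2001:db8:1:2::/64`, the function names and the sample hostnames are assumptions made for illustration.

```python
import ipaddress

# Assumed policy: one allowed backend /64 (documentation prefix, constructed).
ALLOWED_BACKENDS = [ipaddress.ip_network("2001:db8:1:2::/64")]


def backend_allowed(addr, allowed=ALLOWED_BACKENDS):
    """True only if a single resolved address is inside an allowed prefix."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False  # not an IP literal at all
    # Judge ::ffff:a.b.c.d as the IPv4 address it really targets.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return any(ip.version == net.version and ip in net for net in allowed)


def decide(resolved, allowed=ALLOWED_BACKENDS):
    """Decision for one connection. Every candidate address must pass,
    because the proxy may connect to any record the resolver returned."""
    if not resolved:
        return ("deny", "no address records")
    bad = [a for a in resolved if not backend_allowed(a, allowed)]
    if bad:
        return ("deny", "outside allowed prefix: " + ", ".join(bad))
    return ("allow", resolved[0])


# Constructed sample: SNI name -> addresses a resolver might return.
SAMPLE = {
    "www.example.org": ["2001:db8:1:2::10"],
    "mixed.example.org": ["2001:db8:1:2::20", "2001:db8:ffff::1"],
    "neighbour.example.org": ["2001:db8:1:3::1"],
    "internal.example.net": ["::ffff:10.0.0.5"],
    "loop.example.net": ["::1"],
    "nodata.example.net": [],
}

if __name__ == "__main__":
    for name, addrs in SAMPLE.items():
        verdict, detail = decide(addrs)
        print(f"{name:24} {verdict:5} {detail}")
```
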