How to block IP addresses in HAProxy?

You can drop an IP at the tcp level by creating an ACL and then using connection reject if the ACL is matched:

    acl bad_ip src 10.10.10.0
    tcp-request connection reject if bad_ip

You could also set up a 403 backend and send them to that if you want to do it at the HTTP level:

frontend foo
        ...
        acl bad_ip src 10.10.10.0
        use_backend bad_guy if bad_ip
...

backend bad_guy
        mode http
        errorfile 403 /etc/haproxy/errors/403.http

These ACLs can be pretty flexible, and you can make it so multiple conditions within an ACL, or multiple ACLs within the action have to be met. More at http://haproxy.1wt.eu/download/1.5/doc/configuration.txt .