HAProxy basic auth except from specific IP

http-basic-authentication haproxy

I have set up basic authentication for my backend, like this:

backend webservers
    acl is_auth_ok http_auth(SiteUsers)
    http-request auth realm MySite if !is_auth_ok

This works but now I want to exclude a certain IP from being challenged with the authentication.

I've tried a few things but I haven't managed to get it working. To give you an idea of what I'm trying to do, here's something that I've tried (this provokes a haproxy parsing error):

backend webservers
    acl is_internal src <<my-ip-to-exclude>>
    acl is_auth_ok http_auth(SiteUsers)
    acl is_allowed if is_internal or is_auth_ok
    http-request auth realm MySite if !is_allowed

Basically I'm looking to do in HAProxy the equivalent of this in Apache:

<Directory /var/www>
  AuthUserFile /home/www/site1-passwd
  AuthType Basic
  AuthName MySite
  Require valid-user
  Order allow,deny
  Allow from 172.17.10     <--- This allows this IP to 
  Satisfy any              <--- get in without a password
</Directory>

What should my HAProxy config look like?


Solution 1:

backend webservers
    acl is_internal src <<my-ip-to-exclude>>
    acl is_auth_ok http_auth(SiteUsers)
    http-request auth realm MySite if !is_internal !is_auth_ok

This is the final working solution, thanks @GregL for pointing me in the right direction.

Related

postfix send double mail when mail is forwarded
How to download the saved images in the Rackspace cloud server?
Redhat LVM changing stripes?
mdadm puts wrong devices in array on boot Correct mdadm.conf file
Trying to setup HTTP2 on Apache
Group Policy to disable Printer Preferences
How to upgrade PHP version without any downtime?
How to monitor an RSS with Zabbix
How to manage multiple sites on the same server with Nginx?
Configuring Windows Server 2003 to start the administrator account even with no session?
APC Smart-UPS turning off by itself?
CentOS 6 Httpd failed to start