Protecting a Haproxy backend with basic-auth

For security, this should only be set up as below on an SSL secured site!

This feature is useful for being able to restrict access to certain backends within your HAProxy configuration to add an additional layer of authentication (Eg for a development website)

Within your Haproxy config (I typically place this at the top for ease of editing). Add the following lines (With a plaintext password for your user):

userlist trusted_users
user [username] insecure-password [password]

Now, edit your backend to include the following two lines:

 acl AuthOkay_[siteName] http_auth(trusted_users)
http-request auth if !AuthOkay_[siteName]

Restart HAproxy to apply. When you browse to your site now you should be prompted for credentials – Enter the ones set above and you are in!

This is great if you would like a quick-and-easy password protection for your backend – Though if you would like more security, you should set up hashed password protection for Haproxy.

Any comments or questions? Get in touch here or Email me at [email protected]