From 29a081884a0381f04a85bd1effb32dddd3850e6f Mon Sep 17 00:00:00 2001
From: Paul
Date: Sun, 1 Sep 2024 17:14:52 +0200
Subject: [PATCH] updated haproxy state

---
 states/haproxy/templates/haproxy.cfg.j2 | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/states/haproxy/templates/haproxy.cfg.j2 b/states/haproxy/templates/haproxy.cfg.j2
index f7e1aae..f4b193c 100644
--- a/states/haproxy/templates/haproxy.cfg.j2
+++ b/states/haproxy/templates/haproxy.cfg.j2
@@ -127,6 +127,21 @@ defaults {{ haproxy.config.namespace }}
 {{ key }} {{ value }}
 {%- endfor %}

+ # Default ACLs
+ acl http ssl_fc,not
+ acl self_host req.hdr(Host) {{ fqdn }}
+ acl internal src -f {{ haproxy.config.dir }}/maps/access
+ acl domains req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/domains) -m found
+ acl allowhttp req.hdr(Host),map_dom({{ haproxy.config.dir }}/maps/allowhttp,false) true
+ acl ua req.hdr(User-Agent),map_beg(/etc/haproxy/maps/ua) -m found
+ acl security_txt path /.well-known/security.txt
+ acl robots_txt path /robots.txt
+ acl max_req_rate sc_http_req_rate(0) gt {{ haproxy.config.ddos.maxrequests|default(200) }}
+ acl path_root path /
+ acl path_info path /info
+ acl path_location path /location
+ acl version_http10 req.ver 1.0
+
 {% if haproxy.config.peers.hosts -%}
 peers paulbsd
 bind *:{{ haproxy.config.peers.port }} ssl crt {{ haproxy.config.acme_fullchains_dir }}
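Review bot: The `self_host` ACL compares the raw, client-supplied `req.hdr(Host)` value with `{{ fqdn }}` as an exact, case-sensitive string, so a request that spells the name in another case or appends a port (`Host: name:443`) does not match; if any allow or deny rule outside this hunk depends on it, the decision then follows how the client wrote the header. Normalising before the comparison, for example `acl self_host req.hdr(Host),host_only -i {{ fqdn }}` (the `host_only` converter needs a recent HAProxy release, `-i` alone already covers case), removes that dependency. The `ua` ACL hardcodes `/etc/haproxy/maps/ua` while every other map in the block is built from `{{ haproxy.config.dir }}`, so it should read `map_beg({{ haproxy.config.dir }}/maps/ua)` to keep loading when the directory is overridden. `max_req_rate` reads `sc_http_req_rate(0)`, which only counts when a `track-sc0` rule and its stick-table are configured; neither is visible in this hunk, so a comment such as `# requires track-sc0 on an http_req_rate stick-table` above it would document the dependency.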