HAProxy Enterprise Documentation 1.8r2

Deny

You can deny a client's HTTP request or a server's response by using the following two directives in your frontend or listen section:

Directive

Result

http-request deny

Returns a 403 Forbidden error to the client

http-response deny

Returns a 502 Bad Gateway error to the client

In the example below, we deny the client's request if they've made more than 20 requests within the last minute. Rather than return a 403 Forbidden error, we set the deny_status parameter to 429, returning a Too Many Requests error:

frontend www
   bind :80

   # use a stick table to track request rates
   stick-table type ip size 100k expire 2m store http_req_rate(1m)
   http-request track-sc0 src

   # Deny if they exceed the limit
   acl too_many_requests sc_http_req_rate(0) gt 20
   http-request deny deny_status 429 if too_many_requests

   default_backend webservers

In the next example, we deny the server's HTTP response and send an error to the client if the response does not include an HTTP header named Content-Type set to text/html:

frontend www
   bind :80
   acl content_type_html res.hdr(Content-Type) text/html
   http-response deny unless content_type_html
   default_backend webservers

Next up

Single Sign-on