How to create basic authentication on HAProxy(Userlist)

About Userlists

It is possible to control access to frontend/backend/listen sections or to http stats by allowing only authenticated and authorized users. To do this, it is required to create at least one userlist and to define users.

Go to UP

Create Userlists

For creating a userlist go to the HAProxy -> Add proxy -> Userlists tab.

Choose a server where you would like to create the userlist and write down a name for the userlist(in the black box)

If you would like to create a group into the userlist, then write down a name for the userlist group(in the green box). Press the "+" if you would like to add extra groups

Write down users names and passwords for them(in the green box). Press the "+" if you would like to add extra users

Note: Be aware, HAProxy-WI creates a plain password, without hashing it

Also you can set groups for users(in the yellow box)

Create Userlists
Go to UP

Add Userlist to HAProxy config

Create ACL rule inside frontend/backend/listen section that will allow every user defined in specified userlist:

acl draw-auth http_auth(test_auth)
http-request auth realm basic unless draw-auth
            

If you would like to use group from the userlist, then create next ACL:

acl is-basic-auth-user-with-group  http_auth_group(test_auth) test_group_auth
http-request auth realm basic unless is-basic-auth-user-with-group
            
Go to UP