PMG quarantine links behind HA Proxy

[tplecko]

Not a direct PMG question.
PMG sends quarantine links to people, and it would be excellent if the links worked from public internet, but I don't want admin interface to be exposed.
So I tried configuring HA Proxy to accept connections to /quarantine, but deny everything else.
I'm stuck, since i can only get part of the page rendered.


Did anyone manage to get this working?

Here's my HA Proxy configuration:
acl METHOD_get method GET
acl HDR_pmg hdr(host) -i mail.example.com:8006
acl PMG_quarantine path_beg /quarantine
acl PMG_static path_beg /pve2 /pwt /fontawesome
acl PMG_js path_beg /proxmoxlib.js /qrcode.min.js
http-request deny if HDR_pmg !PMG_quarantine !PMG_static !PMG_js !METHOD_get
use_backend BCK_pmg if HDR_pmg

backend BCK_pmg
mode http
balance source
http-request set-header X-Client-IP %[src]
http-request set-header X-Forwarded-Proto https
option forwardfor header X-Forwarded-For
timeout connect 10s
timeout server 10m
server pmg-1 10.1.0.247:8006 check ssl verify none



Any help would be appreciated.

If PMG has some native way to do this (set a different URI in pmg, eg. quarantine.example.com), I'm open to that solution?


Thanks

 

[tplecko]

Been banging my head for a day, and then I solve it 50 minutes after posting.
I've been missing another path.
This is the final HA Proxy config:
acl HDR_quarantine hdr(host) -i mail.examplecom
acl PMG_path path_beg -i /quarantine /pve2 /pwt /fontawesome /mobile /framework7 /proxmoxlib.js /qrcode.min.js /favicon /api2
http-request deny if HDR_quarantine !PMG_path
use_backend BCK_pmg if HDR_quarantine

allows paths specified in PMG_path
and then drops everything else (match FQDN, and not path)