Enforce basic authentication for haproxy stat page
marde16 opened this issue · comments
Martin Vogel commented
Please add stats auth {{__haproxy_username}}:{{__haproxy_password}}
in the section "frontend http_stats" (and the necessary vars in the var file), because everyone who know and has access to the HAProxy stat page can put servers into maintenance mode or drain traffic from them wihtout authentication.
more information Exploring the HAProxy Stats Page (What You Should Know)
paul.nott commented
Hi Martin, thank you for the feedback. An internal ticket has been created and will be review by the squad