new options

utils/haproxy_config.py

@@ -87,7 +87,9 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
                           allowed_ip, forbidden_path, sql_injection_check, is_xss, is_remote_upload,
                           add_path_based, redirect_domain_name, root_redirect, redirect_to, is_webshells,
                           del_server_header=False, backend_ssl_redirect=False, ssl_redirect_backend_name='',
-                          ssl_redirect_port='80', frontend_hostname=''):
+                          ssl_redirect_port='80', frontend_hostname='', add_custom_acl=False,
+                          custom_acl_name='', custom_acl_type='path_beg', custom_acl_value='',
+                          custom_acl_action='route', custom_acl_backend='', custom_acl_redirect_url=''):
     
     os.makedirs(os.path.dirname(HAPROXY_CFG), exist_ok=True)
     
@@ -174,6 +176,30 @@ def update_haproxy_config(frontend_name, frontend_ip, frontend_port, lb_method,
                 haproxy_cfg.write("    acl blocked_webshell path_reg -i /(cmd|shell|backdoor|webshell|phpspy|c99|kacak|b374k|log4j|log4shell|wsos|madspot|malicious|evil).*\\.php.*\n")
                 haproxy_cfg.write(f"    http-request deny if blocked_webshell\n")
             
+            # ===== CUSTOM ACL RULES =====
+            if add_custom_acl and custom_acl_name and custom_acl_value:
+                # Write ACL rule based on type
+                if custom_acl_type == 'path_beg':
+                    haproxy_cfg.write(f"    acl {custom_acl_name} path_beg {custom_acl_value}\n")
+                elif custom_acl_type == 'path_end':
+                    haproxy_cfg.write(f"    acl {custom_acl_name} path_end {custom_acl_value}\n")
+                elif custom_acl_type == 'path_sub':
+                    haproxy_cfg.write(f"    acl {custom_acl_name} path_sub {custom_acl_value}\n")
+                elif custom_acl_type == 'hdr':
+                    haproxy_cfg.write(f"    acl {custom_acl_name} hdr_sub(host) -i {custom_acl_value}\n")
+                elif custom_acl_type == 'src':
+                    haproxy_cfg.write(f"    acl {custom_acl_name} src {custom_acl_value}\n")
+                elif custom_acl_type == 'method':
+                    haproxy_cfg.write(f"    acl {custom_acl_name} method {custom_acl_value}\n")
+                
+                # Apply action based on type
+                if custom_acl_action == 'deny':
+                    haproxy_cfg.write(f"    http-request deny if {custom_acl_name}\n")
+                elif custom_acl_action == 'redirect' and custom_acl_redirect_url:
+                    haproxy_cfg.write(f"    http-request redirect location {custom_acl_redirect_url} if {custom_acl_name}\n")
+                elif custom_acl_action == 'route' and custom_acl_backend:
+                    haproxy_cfg.write(f"    use_backend {custom_acl_backend} if {custom_acl_name}\n")
+            
             # ===== BACKEND ROUTING =====
             if acl_name_sanitized:
                 # Jeśli jest hostname, routuj z ACL