From e0ece7d3332be2aa57f096da46a0634541316121 Mon Sep 17 00:00:00 2001 From: Simon Rozman Date: Thu, 19 Mar 2026 12:03:14 +0100 Subject: [PATCH] feat(docs): Update HAProxy Advanced Variant documentation (#1521) Added note on HAProxy's responsibility to handle Git HTTP and bot traffic whitelisting. Signed-off-by: Simon Rozman --- docs/docs/admin/environments/haproxy.mdx | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/docs/admin/environments/haproxy.mdx b/docs/docs/admin/environments/haproxy.mdx index 24b0bb34..3acc5766 100644 --- a/docs/docs/admin/environments/haproxy.mdx +++ b/docs/docs/admin/environments/haproxy.mdx @@ -48,6 +48,8 @@ This simply enables SSL offloading, sets some useful and required headers and ro Due to the fact that HAProxy can decode JWT, we are able to verify the Anubis token directly in HAProxy and route the traffic to the specific backends ourselves. +Mind that rule logic to allow Git HTTP and other legit bot traffic to bypass is delegated from Anubis to HAProxy then. If required, you should implement any whitelisting in HAProxy using `acl_anubis_ignore` yourself. + In this example are three applications behind one HAProxy frontend. Only App1 and App2 are secured via Anubis; App3 is open for everyone. The path `/excluded/path` can also be accessed by anyone. ```mermaid