From 417734eed2376555dae492f920e8b126b55bb51b Mon Sep 17 00:00:00 2001
From: William Hirigoyen <whirigoyen+git@evolix.fr>
Date: Wed, 11 Jan 2023 16:14:46 +0100
Subject: [PATCH] haproxy: fix missing admin ACL in stats module access
 permissions

---
 CHANGELOG.md                             | 1 +
 haproxy/templates/haproxy.default.cfg.j2 | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index fba9fb49..7e03b8bf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -25,6 +25,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
 * evolinux-base: ensure dbus is started and enabled (not by default in the case of an offline netinst)
 * elasticsearch : use logrotate for garbage collector logs instead of breaking compression cron
 * docker-host: fix type in daemon.json and remove host configuration that is already in the systemd service by default
+* haproxy: fix missing admin ACL in stats module access permissions
 
 ### Removed
 
diff --git a/haproxy/templates/haproxy.default.cfg.j2 b/haproxy/templates/haproxy.default.cfg.j2
index e33d111a..0f13e54d 100644
--- a/haproxy/templates/haproxy.default.cfg.j2
+++ b/haproxy/templates/haproxy.default.cfg.j2
@@ -63,7 +63,7 @@ listen stats
     acl stats_users http_auth(stats_users)
     stats http-request auth realm "HAProxy admin" if !stats_access_ips !stats_users
 {% else %}
-    stats http-request deny if !stats_access_ips
+    stats http-request deny if !stats_access_ips !stats_admin_ips
 {% endif %}
 
     http-request set-log-level silent