Hi Chris,

On Fri, Jan 15, 2010 at 10:20:29AM +0000, Chris Sarginson wrote:
> Hi guys,
> 
> Is there a limit on the amount of information you can put as part of an 
> acl?  I want to do the following:
> 
> acl ip_ssl_block_72       hdr_reg(X-Real-IP)  10.10.10.10

use hdr_ip() and not hdr_reg. It returns a real IP address that you
can match against IP/masks and is much more efficient than regex
matching. Also, regexes are very dangerous to match IP addresses because
we almost always forget that dots match any character (as you did above).

> but keep just expanding the list of IPs in there (they are pulled from a 
> backend database we have and inserted in).  I'm using the header as 
> traffic is being proxied across from nginx which is answering SSL 
> connections.

you're limited to 2047 characters per config line, but you can add as
many of these "acl ip_ssl_block_72" lines as you want.

Hoping this helps,
Willy

> Chris
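
An added example, not part of the original thread: it shows which header values the unescaped regex from the question also matches, and generates `hdr_ip()` ACL lines from an address list while keeping each line within the 2047-character limit mentioned in the reply. The function names and sample addresses are constructed for illustration, and IPv4-only entries are an assumption.

```python
import ipaddress
import re

MAX_LINE = 2047  # per-line config limit stated in the reply above


def regex_false_positives(pattern, candidates):
    """Return the candidates an unanchored regex matches (dots match any char)."""
    rx = re.compile(pattern)
    return [c for c in candidates if rx.search(c)]


def build_acl_lines(name, header, addresses, max_line=MAX_LINE):
    """Build 'acl <name> hdr_ip(<header>) <ip> <ip> ...' lines.

    Each entry is validated as an IPv4 address or network (assumption:
    the database holds IPv4 only), so a malformed row raises ValueError
    here instead of reaching the configuration file. A new line with the
    same ACL name is started whenever the next entry would exceed max_line.
    """
    prefix = f"acl {name} hdr_ip({header})"
    lines, current = [], prefix
    for raw in addresses:
        net = ipaddress.IPv4Network(raw.strip(), strict=True)
        token = str(net.network_address) if net.prefixlen == 32 else str(net)
        if len(current) + 1 + len(token) > max_line and current != prefix:
            lines.append(current)
            current = prefix
        current += " " + token
    if current != prefix:
        lines.append(current)
    return lines


if __name__ == "__main__":
    # Constructed header values: only the first is the intended address.
    seen = ["10.10.10.10", "10110.10.10", "210.10.10.101", "10.10.10.11"]
    print("regex matches:", regex_false_positives("10.10.10.10", seen))

    # Constructed block list standing in for rows pulled from a database.
    blocked = [f"10.0.{i // 256}.{i % 256}" for i in range(400)] + ["192.0.2.0/24"]
    for line in build_acl_lines("ip_ssl_block_72", "X-Real-IP", blocked):
        print(len(line), line[:60] + " ...")
```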
