Hi Harvey On 2010-01-28 00:42, Harvey Yau wrote: > I've been trying to use ACLs to block or choose a backend based on > source IP address. It works perfectly in mode HTTP, but fails miserably > in mode TCP. Is there something obvious that I'm missing or is this a bug? > > mode tcp > acl myips src 149.28.0.0/16 > block if myips
The block keyword work on level 7 only. You could however try somthing like this: acl myips src 149.28.0.0/16 tcp-request content reject if myips For more examples see the documentation for tcp-request at http://haproxy.1wt.eu/download/1.3/doc/configuration.txt Regards, Holger
