On Wed, May 19, 2010 at 04:49:02PM -0700, Chih Yin wrote:
> Hi Mariusz,
>
> On Wed, May 19, 2010 at 2:18 PM, Mariusz Gronczewski <[email protected]>wrote:
>
> > One more thing about config, u dont need to do
> > acl is_msn01 hdr_sub(X-Forwarded-For) 64.4.0
> > acl is_msn02 hdr_sub(X-Forwarded-For) 64.4.1
> > acl is_msn03 hdr_sub(X-Forwarded-For) 64.4.2
> > and then
> > use_backend robot_traffic if is_msn01 or is_msn02 or is_msn03
> >
> > u can just do
> > acl is_msn hdr_sub(X-Forwarded-For) 64.4.0
> > acl is_msn hdr_sub(X-Forwarded-For) 64.4.1
> > acl is_msn hdr_sub(X-Forwarded-For) 64.4.2
> >
> > and then
> > use_backend robot_traffic if is_msn
> >
> > ACLs with same name are automatically ORed together.
> >
> > or better yet, match bots by user-agent not by IP
> > http://www.useragentstring.com/pages/useragentstring.php
> >
> >
> Thank you so much. This is definitely helpful!
Also, since 1.3.21 you have the "hdr_ip" ACL which can parse
IP addresses from headers. What that means is that instead of
doing sub-string matching, you can match networks, which is
faster and allows globbing. For instance :
acl is_msn hdr_sub(X-Forwarded-For) 64.4.0
acl is_msn hdr_sub(X-Forwarded-For) 64.4.1
can be replaced by :
acl is_msn hdr_ip(X-Forwarded-For) 64.4.0.0/15
And with 1.4.6, you'll even be able to fill all known networks
in a file and load them in one line :
acl is_msn hdr_ip(X-Forwarded-For) -f /etc/haproxy/msn_networks.txt
Willy
