On Wed, May 19, 2010 at 9:43 PM, Willy Tarreau <[email protected]> wrote: > On Wed, May 19, 2010 at 04:49:02PM -0700, Chih Yin wrote: > > Hi Mariusz, > > > > On Wed, May 19, 2010 at 2:18 PM, Mariusz Gronczewski <[email protected] > >wrote: > > > > > One more thing about config, u dont need to do > > > acl is_msn01 hdr_sub(X-Forwarded-For) 64.4.0 > > > acl is_msn02 hdr_sub(X-Forwarded-For) 64.4.1 > > > acl is_msn03 hdr_sub(X-Forwarded-For) 64.4.2 > > > and then > > > use_backend robot_traffic if is_msn01 or is_msn02 or is_msn03 > > > > > > u can just do > > > acl is_msn hdr_sub(X-Forwarded-For) 64.4.0 > > > acl is_msn hdr_sub(X-Forwarded-For) 64.4.1 > > > acl is_msn hdr_sub(X-Forwarded-For) 64.4.2 > > > > > > and then > > > use_backend robot_traffic if is_msn > > > > > > ACLs with same name are automatically ORed together. > > > > > > or better yet, match bots by user-agent not by IP > > > http://www.useragentstring.com/pages/useragentstring.php > > > > > > > > Thank you so much. This is definitely helpful! > > Also, since 1.3.21 you have the "hdr_ip" ACL which can parse > IP addresses from headers. What that means is that instead of > doing sub-string matching, you can match networks, which is > faster and allows globbing. For instance : > > acl is_msn hdr_sub(X-Forwarded-For) 64.4.0 > acl is_msn hdr_sub(X-Forwarded-For) 64.4.1 > > can be replaced by : > > acl is_msn hdr_ip(X-Forwarded-For) 64.4.0.0/15 > > And with 1.4.6, you'll even be able to fill all known networks > in a file and load them in one line : > > acl is_msn hdr_ip(X-Forwarded-For) -f /etc/haproxy/msn_networks.txt > > Thank you for the suggestion Willy. I will definitely give this a try as well.
C.Y. > Willy > >
