Hello,

I think I may have found a bug related to file-based ACLs.

According to the documentation:

"The "-f" flag is special as it loads all of the lines it finds in the file
specified in argument and loads all of them before continuing. It is even
possible to pass multiple "-f" arguments if the patterns are to be loaded from
multiple files. Empty lines as well as lines beginning with a sharp ('#') will
be ignored."

If in my ACL file I leave an empty line, I get this when I do a
configuration check:

[ALERT] 003/152954 (11567) : parsing [/etc/haproxy/haproxy.cfg:38] :
error detected while parsing ACL 'invalid_src'.
[ALERT] 003/152954 (11567) : Error(s) found in configuration file :
/etc/haproxy/haproxy.cfg
[ALERT] 003/152954 (11567) : Fatal errors found in configuration.

Here is the relevant part of the haproxy configuration file:

frontend        http
        mode            http
        log                     global
        option          httplog

        bind            XXX.XXX.XXX.XXX:80              # standard 80

        acl invalid_src src -f /etc/haproxy/ips.deny
        block if invalid_src
        default_backend farm1

And my "ips.deny" file:


# ips to block

yyy.yyy.yyy.yyy
xxx.xxx.xxx.xxx/z
uuu.uuu.uuu.uuu

However, if I just add a sharp between the comment and the first IP
like this, the configuration works as expected:

# ips to block
#
yyy.yyy.yyy.yyy
xxx.xxx.xxx.xxx/z
uuu.uuu.uuu.uuu


OS: centos 5.4
haproxy version: 1.4.8


Thank you

-- 
Gabriel Sosa
If you are looking for different results, don't always do the same thing. - Einstein

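A pre-flight check for the pattern file described in the report above, as an added example that is not part of the original message or of HAProxy itself: it drops blank lines and '#' comment lines, as the quoted documentation describes, and flags any remaining line that does not parse as an IP address or network. The function names and the sample addresses (documentation ranges standing in for the redacted ones) are assumptions.

```python
import ipaddress
import sys

# Constructed sample mirroring the layout of the ips.deny file in the report,
# plus one deliberately malformed entry.
SAMPLE = """\
# ips to block

192.0.2.10
198.51.100.0/24
203.0.113.7
not-an-ip
"""


def normalize_patterns(text):
    """Return (patterns, errors) for an address pattern file.

    Blank lines and lines beginning with '#' are skipped. Every other line
    must parse as an IP address or CIDR network; lines that do not are
    reported as (line_number, content) so they can be fixed before the
    file is handed to the proxy.
    """
    patterns, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # strict=False accepts CIDR entries with host bits set.
            ipaddress.ip_network(line, strict=False)
        except ValueError:
            errors.append((lineno, line))
            continue
        patterns.append(line)
    return patterns, errors


def render(patterns):
    """Serialize the cleaned list with no blank or comment lines."""
    return "".join(p + "\n" for p in patterns)


if __name__ == "__main__":
    # Usage: script.py /path/to/pattern-file > cleaned-file
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    patterns, errors = normalize_patterns(text)
    for lineno, content in errors:
        print(f"line {lineno}: not an address or network: {content!r}",
              file=sys.stderr)
    sys.stdout.write(render(patterns))
    sys.exit(1 if errors else 0)
```

Running the cleaned output through the configuration check before reloading keeps a stray blank line in the deny list from blocking a deployment.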