On Tue, Jan 25, 2011 at 4:13 PM, Cyril Bonté <[email protected]> wrote: > Hi Robert, > > Le mercredi 26 janvier 2011 00:39:53, Robert Joseph a écrit : >> hello, >> >> i run two sets of servers, each with an haproxy layer. one set is: >> HA-Proxy version 1.4.8 2010/06/16 >> >> the other is: >> HA-Proxy version 1.4-dev3 2009/09/23 > > It looks funny to see such a version in use, but it can be dangerous as it was > an early version of the 1.4 branch. > >> i am using an external file with a long list of referers that i want >> to block. in both server sets, it is invoked like so: >> acl invalid_referer hdr_sub(referer) -i -f >> /etc/haproxy/banned.haproxy.conf block if invalid_referer >> >> on set 1 (1.4.8), this works fine, those referers get 403's, and i get >> log lines like: >> Jan 25 15:28:56 127.0.0.1 haproxy[30545]: 127.0.0.1:9921 >> [25/Jan/2011:15:28:56.240] yfrog_web yfrog_web/<NOSRV> 0/-1/-1/-1/0 >> 403 188 - - PR-- 82/6/0/0/0 0/0 {yfrog.com|linkbucks.com|172.31.0.86} >> "HEAD / HTTP/1.0" >> >> it's blocked, i see the nice NOSRV and PR-- >> >> on the other server set (1.4-dev3), the config passes the syntax >> check, but matching referers are not blocked: > > This feature only appeared in haproxy 1.4.5 (I guess that previous versions > will try to find a "-f" referer, not sure about that). > > From the changelog : > 2010/05/13 : 1.4.5 > - [MINOR] acl: support loading values from files > >> the configurations are very nearly identical, except that in set 1 i >> invoke the ACL in a "frontend" section, and in set 2 i invoke it in a >> "listen" section. per >> http://haproxy.1wt.eu/download/1.5/src/CHANGELOG, support for -f was >> added in 1.4-dev1: >> - [MEDIUM] config: support loading multiple configuration files >> >> am i missing something? > > Oh ok, this is not the same "-f" at all. The one you quote is for the command > line options, to "explode" the haproxy configuration file in several ones.
ahah. okay, thanks, time to upgrade. -r > > -- > Cyril Bonté > -- Robert Joseph ImageShack Corp Free Image Hosting www.imageshack.us
