Hi David,

On Thu, Mar 17, 2011 at 04:17:15AM -0400, David Birdsong wrote:
> this line in my haproxy config:
> acl bad_guys_ip hdr(X-Forwarded-For) -f /etc/haproxy/block_ip.txt
>
> will block a single ip, but i can't figure out the syntax for specifying a
> subnet
> this block_ip.txt blocks my ip
> <snip>
> # comment lines ok
>
> # block an ip
> x.x.x.86
>
> # block a subnet doesn't work for some reason
> # x.x.x.0/24

I'm pretty certain that subnets do work in files. However, in your case,
that's a bit different. "hdr()" returns a string, so you're performing
string matching against all patterns in the file. Replace that with
hdr_ip() and the match will be performed as an IP address, and you'll
see your masks work.

Regards,
Willy
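
The difference described in the reply above, modelled in Python as an added example (not HAProxy code and not part of the original thread): one pattern file is evaluated first as exact strings, then as addresses against networks. The addresses are constructed documentation ranges and all function names are hypothetical.

```python
import ipaddress

# Constructed pattern file in the style of block_ip.txt (documentation ranges).
BLOCK_FILE = """\
# comment lines ok

# block an ip
192.0.2.86

# block a subnet
198.51.100.0/24
"""

def load_patterns(text):
    """Return the non-empty, non-comment lines of a pattern file."""
    return [ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")]

def match_as_string(header_value, patterns):
    """Model of string matching: the header must equal a pattern exactly."""
    return header_value.strip() in patterns

def match_as_ip(header_value, patterns):
    """Model of IP matching: header parsed as an address, patterns as networks."""
    try:
        addr = ipaddress.ip_address(header_value.strip())
    except ValueError:
        return False  # header is not an address, so nothing can match
    # A bare address becomes a /32 network; "a.b.c.0/24" keeps its mask.
    nets = [ipaddress.ip_network(p, strict=False) for p in patterns]
    return any(addr in net for net in nets)

def compare(header_value, text=BLOCK_FILE):
    """Return (string_match, ip_match) for one header value."""
    pats = load_patterns(text)
    return match_as_string(header_value, pats), match_as_ip(header_value, pats)

if __name__ == "__main__":
    # The last value shows that string mode treats the mask as literal text.
    for value in ("192.0.2.86", "198.51.100.7", "203.0.113.5", "198.51.100.0/24"):
        print(value, compare(value))
```

In string mode the subnet entry only matches a header whose text is literally `198.51.100.0/24`, which is why the single-address entry blocked and the subnet entry did not.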

