Hi Jens, You can setup 2 ACLs, one with IPs one with your header and use them on the use_backend line: acl myip src 1.1.1.1 1.1.1.2 acl myheader hdr(MyHeader) keyword use_backend acl_collector myip || myheader
Note that the use_backend order matters. The first matching will be used. So it's up to you to set them in the best order for your nees. Regards On Wed, Mar 21, 2012 at 9:52 PM, Jens Dueholm Christensen (JEDC) <[email protected]> wrote: > Hi > > I'm having trouble wrapping my head around what I belive is a really simple > problem. > > I've got a working HAProxy setup with a few listeners and a few backends and > some ACL's that direct traffic accordingly. > > Now I'm about to add a new backend for some function-testing in this setup, > and I want to restrict what ends up there. > > This is thinned down version of my configuration (oh, global or default-level > ACL's be nice..): > > --- > global > ... > > defaults default > mode http > balance roundrobin > > listen in-DK > bind 127.0.0.1:4431 > > acl acl_collector path_beg -f /etc/haproxy/collector_patterns.lst > acl acl_collector hdr_sub(Referer) -f > /etc/haproxy/collector_patterns.lst > > acl acl_webservice path_beg /services > > use_backend collectors if acl_collector > use_backend webservice if acl_webservice > > default_backend admin > > listen in-NO > bind 127.0.0.1:4432 > > acl acl_collector path_beg -f /etc/haproxy/collector_patterns.lst > acl acl_collector hdr_sub(Referer) -f > /etc/haproxy/collector_patterns.lst > > acl acl_webservice path_beg /services > > use_backend collectors if acl_collector > use_backend webservice if acl_webservice > > default_backend admin > > backend admin > server admin1 172.27.80.36:8080 id 1 maxconn 500 check observe layer7 > > backend webservice > server webservice1 172.27.80.37:8080 id 2 maxconn 500 check observe > layer7 > > backend collectors > server collector1 172.27.80.38:8080 id 3 maxconn 1000 check observe > layer7 > server collector1 172.27.80.39:8080 id 4 maxconn 1000 check observe > layer7 > --- > > The file /etc/haproxy/collector_patterns.lst contains these 3 lines: > --- > /collect > /answer > /LinkCollector > --- > > This new backend I want for testing (let's call it new_collectors) should > recieve the traffic the existing ACL acl_collector directs to the backend > collectors, but ONLY if that traffic comes from a certain IP or contains a > certain HTTP header. > > How do I manage that? > > Regards, > Jens Dueholm Christensen > >
