Hello all,

I am starting to hit some limitations in haproxy's configuration options!
I have decided to use this product to sit in front of a cloud
environment hosting several websites, as I have used it many times for
several years and have always found it very, very efficient.

At the moment I have over 20 hosted websites (many more might come
in). So basically, at least as many ACLs for this (and actually much,
much more). I do NOT want a default_backend. On the contrary, I need
(for security reasons) to block access except if the user comes with the
correct HTTP header (virtual hosting). I also have to grant access to
the site to a restricted list of IPs (developer agencies) before an
official go-live is set up for specific sites, or for some admin areas
of those websites.

So, in other words, I have one HUGE line which is a:

    block unless is_website_01 || is_website02 || is_website_02 ||
    is_allowed_agency_01 || is_allowed_agency_02 ...

Then follows the use_backend website_01 if is_website_01 (and
potentially also if_allowed_agency_01).

And... I have faced a limit of over 2047 characters in one line, now!

I tried to rewrite the ACL list in this way:

    acl is_website_01 www.website01.com (already existing)
    acl is_website_02 www.website02.com (already existing)
    acl is_all_allowed_websites is_website_01
    acl is_all_allowed_websites is_website_02
    acl is_allowed_agency_01 x.x.x.x (already existing)
    acl is_allowed_agency_02 y.y.y.y (already existing)
    acl is_all_allowed_agencies is_allowed_agency_01
    acl is_all_allowed_agencies is_allowed_agency_02
    block unless is_all_allowed_websites || is_all_allowed_agencies

But apparently this approach is not possible in haproxy?

That leaves me with the only option of re-writing all ACLs twice, then...

    acl is_website_01 www.website01.com (already existing)
    acl is_website_02 www.website02.com (already existing)
    acl is_all_allowed_websites www.website01.com
    acl is_all_allowed_websites www.website02.com
    acl is_allowed_agency_01 x.x.x.x (already existing)
    acl is_allowed_agency_02 y.y.y.y (already existing)
    acl is_all_allowed_agencies x.x.x.x
    acl is_all_allowed_agencies y.y.y.y
    block unless is_all_allowed_websites || is_all_allowed_agencies

Is there no way to make the preferred option of re-using ACLs in
another ACL possible?

Many thanks!!
Guillaume Demillecamps
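
Added example, not part of the original post and not HAProxy project code: one way to keep the "ACLs written twice" layout from drifting is to render both copies from a single inventory, validating each entry and checking the 2047-character line limit the post reports. The inventory names, the documentation-range addresses, and the `hdr(host) -i` and `src` criteria (which the post's shorthand omits) are assumptions.

```python
import ipaddress
import re

MAX_LINE = 2047  # line-length limit reported in the post
NAME_RE = re.compile(r"[A-Za-z0-9_]+")
HOST_RE = re.compile(r"[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+")

# Constructed inventory: hostnames as in the post, documentation-range addresses.
SITES = {"website_01": "www.website01.com", "website_02": "www.website02.com"}
AGENCIES = {"agency_01": "192.0.2.10", "agency_02": "198.51.100.0/24"}


def render(sites, agencies):
    """Return HAProxy config lines; raise ValueError on unsafe inventory input."""
    lines = []
    for name, host in sites.items():
        # Reject anything that could smuggle extra tokens or lines into the config.
        if not NAME_RE.fullmatch(name) or not HOST_RE.fullmatch(host):
            raise ValueError(f"bad site entry: {name!r} -> {host!r}")
        # Assumed criterion: case-insensitive Host header match.
        lines.append(f"acl is_{name} hdr(host) -i {host}")
        # Same value repeated under the aggregate name (same-named ACLs are OR'ed).
        lines.append(f"acl is_all_allowed_websites hdr(host) -i {host}")
    for name, addr in agencies.items():
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"bad agency name: {name!r}")
        net = ipaddress.ip_network(addr, strict=False)  # ValueError if malformed
        lines.append(f"acl is_allowed_{name} src {net}")
        lines.append(f"acl is_all_allowed_agencies src {net}")
    # The deny rule stays one short line no matter how many sites exist.
    lines.append("block unless is_all_allowed_websites || is_all_allowed_agencies")
    for name in sites:
        lines.append(f"use_backend {name} if is_{name}")
    for line in lines:
        if len(line) > MAX_LINE:
            raise ValueError(f"line exceeds {MAX_LINE} characters: {line[:40]}...")
    return lines


if __name__ == "__main__":
    print("\n".join(render(SITES, AGENCIES)))
```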