Hello,
Ok, i update the server to 1.5 version but i have some troubles between
stick-table and the acl.
Before, i had:
listen host1 *:80
...
mode http
acl block_invalid_client hdr_sub(True-Client-IP) -f true-client-ip.lst
block if block_invalid_client
...
Now, i try to change the file to a stick table:
backend host1
...
stick-table type ip size 1m store gpc0
acl block_invalid_client hdr_ip(True-Client-IP) -- { stick match(host1) }
http-request deny if block_invalid_client
...
But not work:
error detected while parsing ACL 'block_invalid_client' : '{' is not a
valid IPv4 or IPv6 address.
error detected while parsing an 'http-request deny' condition : no such ACL
: 'block_invalid_client'.
¿Is it possible to match http header inside an acl to a stick table?
Thanks,
----- Mensaje original -----
De: Baptiste <[email protected]>
Para: Ricardo Fraile <[email protected]>
CC: "[email protected]" <[email protected]>
Enviado: Miércoles 29 de Mayo de 2013 14:51
Asunto: Re: Block clients based on header in real time?
Hi,
With latest HAProxy version, you could use a stick table and insert
IPs in the stick table through HAProxy socket.
Then you can ban all IPs from the stick table.
Baptiste
On Wed, May 29, 2013 at 1:05 PM, Ricardo Fraile <[email protected]> wrote:
> Hello,
>
>
> I'm looking for a solution for blocking users based on a header,
>x-forwarded-for. I have yet an acl for this but is it possible to update the
>list of ips without restart haproxy?
>
>
> Thanks,
>
