Re: Using the socket interface to access ACLs

Tue, 01 Jul 2014 14:43:28 -0700 

On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez
<william.jime...@itsoninc.com> wrote:
> Hi Baptiste, thank you for the response. I'm afraid I still don't follow.
> Say I have the an ACL that I want to toggle from its current state (as
> defined in the flat file) to 'always_false'. I can see it exists from the
> output of the 'show acl' command:
>
>> # id (file) description
>> 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
>
> So to modify it I assume I would run something using 'add acl'. I thought
> you mentioned it needs to be defined in a file so I tried:
>>
>> # haproxyctl add acl myacl
>> 'add acl' expects two parameters: ACL identifier and pattern.
>
>
> where 'myacl' is a file containing:
>
>> acl redir_true always_true
>
>
> Hope that helps clarify the situation. What am I doing wrong?
>
> Thanks in advance,
> William
>
>
> On Tue, Jul 1, 2014 at 2:00 PM, Baptiste <bed...@gmail.com> wrote:
>>
>> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
>> <william.jime...@itsoninc.com> wrote:
>> > Hello
>> > I am trying to modify ACLs via the socket interface. When I try to do
>> > something like 'get acl', I get an error:
>> >
>> > Missing ACL identifier and/or key.
>> >
>> > How do I find the ACL identifier or key for a specific ACL? I see the
>> > list
>> > of ACLs when i do a 'show acl', but unsure which of these values is the
>> > file
>> > or key:
>> >
>> > # id (file) description
>> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
>> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
>> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
>> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22
>> >
>> > Thanks
>>
>> Hi William,
>>
>> In order to be able to update ACL content, they must load their
>> content from a file.
>> The file name will be considered as a 'reference' you can point to
>> when updating content.
>> Don't forget to update simultaneously the content from an ACL and from
>> the flat file to make HAProxy reload reliable :)
>>
>> Baptiste
>
>
>
>
> --
> William Jimenez
> Systems Engineer, Operations
> ItsOn, Inc.
> 650-241-8470 {us/pacific}


Hi William,

In your configuration, you should load your acl like this:
acl myacl hdr(Host) -f /path/to/myhosthdr.acl

then your file acl reference will be myhosthdr.acl.

Baptiste

Reply via email to