Hi Baptiste
I tried:
>
> # haproxyctl del acl myacl
> This command expects two parameters: ACL identifier and key.
then i tried this
# haproxyctl del acl myacl 0
> Unknown map identifier. Please use #<id> or <file>.
as well as the inverse ('0 myacl')
I do see the acl listed though:
# haproxyctl show acl
> # id (file) description
> 0 (/root/myacl) pattern loaded from file '/root/myacl' used by acl at file
> '/etc/haproxy/haproxy.cfg' line 19
> 1 () acl 'hdr' file '/etc/haproxy/haproxy.cfg' line 19
> 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
Also a redirect stmt that uses the aforementioned threw an error when I
defined it like you suggested:
[ALERT] 180/204636 (5765) : parsing [/etc/haproxy/haproxy.cfg:31] : error
> detected in frontend 'x' while parsing redirect rule : error in condition:
> no such ACL : 'redir_true'.
-William
On Tue, Jul 1, 2014 at 2:42 PM, Baptiste <[email protected]> wrote:
> On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez
> <[email protected]> wrote:
> > Hi Baptiste, thank you for the response. I'm afraid I still don't follow.
> > Say I have the an ACL that I want to toggle from its current state (as
> > defined in the flat file) to 'always_false'. I can see it exists from the
> > output of the 'show acl' command:
> >
> >> # id (file) description
> >> 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
> >
> > So to modify it I assume I would run something using 'add acl'. I thought
> > you mentioned it needs to be defined in a file so I tried:
> >>
> >> # haproxyctl add acl myacl
> >> 'add acl' expects two parameters: ACL identifier and pattern.
> >
> >
> > where 'myacl' is a file containing:
> >
> >> acl redir_true always_true
> >
> >
> > Hope that helps clarify the situation. What am I doing wrong?
> >
> > Thanks in advance,
> > William
> >
> >
> > On Tue, Jul 1, 2014 at 2:00 PM, Baptiste <[email protected]> wrote:
> >>
> >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
> >> <[email protected]> wrote:
> >> > Hello
> >> > I am trying to modify ACLs via the socket interface. When I try to do
> >> > something like 'get acl', I get an error:
> >> >
> >> > Missing ACL identifier and/or key.
> >> >
> >> > How do I find the ACL identifier or key for a specific ACL? I see the
> >> > list
> >> > of ACLs when i do a 'show acl', but unsure which of these values is
> the
> >> > file
> >> > or key:
> >> >
> >> > # id (file) description
> >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
> >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
> >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
> >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22
> >> >
> >> > Thanks
> >>
> >> Hi William,
> >>
> >> In order to be able to update ACL content, they must load their
> >> content from a file.
> >> The file name will be considered as a 'reference' you can point to
> >> when updating content.
> >> Don't forget to update simultaneously the content from an ACL and from
> >> the flat file to make HAProxy reload reliable :)
> >>
> >> Baptiste
> >
> >
> >
> >
> > --
> > William Jimenez
> > Systems Engineer, Operations
> > ItsOn, Inc.
> > 650-241-8470 {us/pacific}
>
>
> Hi William,
>
> In your configuration, you should load your acl like this:
> acl myacl hdr(Host) -f /path/to/myhosthdr.acl
>
> then your file acl reference will be myhosthdr.acl.
>
> Baptiste
>
--
William Jimenez
Systems Engineer, Operations
ItsOn, Inc.
650-241-8470 {us/pacific}
