On Wed, Jul 2, 2014 at 6:55 PM, William Jimenez <[email protected]> wrote: > Hi Baptiste et al., > Did you see my last comments? Sorry if this is an issue already addressed, > but I wasn't able to find anything on usage specifics in the documentation. > > Thanks, > William > > > On Tue, Jul 1, 2014 at 2:49 PM, William Jimenez > <[email protected]> wrote: >> >> Hi Baptiste >> I tried: >>> >>> >>> # haproxyctl del acl myacl >>> This command expects two parameters: ACL identifier and key. >> >> >> then i tried this >> >>> # haproxyctl del acl myacl 0 >>> Unknown map identifier. Please use #<id> or <file>. >> >> >> as well as the inverse ('0 myacl') >> >> I do see the acl listed though: >> >>> # haproxyctl show acl >>> # id (file) description >>> 0 (/root/myacl) pattern loaded from file '/root/myacl' used by acl at >>> file '/etc/haproxy/haproxy.cfg' line 19 >>> 1 () acl 'hdr' file '/etc/haproxy/haproxy.cfg' line 19 >>> >>> 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 >> >> >> Also a redirect stmt that uses the aforementioned threw an error when I >> defined it like you suggested: >> >>> [ALERT] 180/204636 (5765) : parsing [/etc/haproxy/haproxy.cfg:31] : error >>> detected in frontend 'x' while parsing redirect rule : error in condition: >>> no such ACL : 'redir_true'. >> >> >> -William >> >> >> On Tue, Jul 1, 2014 at 2:42 PM, Baptiste <[email protected]> wrote: >>> >>> On Tue, Jul 1, 2014 at 11:16 PM, William Jimenez >>> <[email protected]> wrote: >>> > Hi Baptiste, thank you for the response. I'm afraid I still don't >>> > follow. >>> > Say I have the an ACL that I want to toggle from its current state (as >>> > defined in the flat file) to 'always_false'. I can see it exists from >>> > the >>> > output of the 'show acl' command: >>> > >>> >> # id (file) description >>> >> 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 >>> > >>> > So to modify it I assume I would run something using 'add acl'. I >>> > thought >>> > you mentioned it needs to be defined in a file so I tried: >>> >> >>> >> # haproxyctl add acl myacl >>> >> 'add acl' expects two parameters: ACL identifier and pattern. >>> > >>> > >>> > where 'myacl' is a file containing: >>> > >>> >> acl redir_true always_true >>> > >>> > >>> > Hope that helps clarify the situation. What am I doing wrong? >>> > >>> > Thanks in advance, >>> > William >>> > >>> > >>> > On Tue, Jul 1, 2014 at 2:00 PM, Baptiste <[email protected]> wrote: >>> >> >>> >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez >>> >> <[email protected]> wrote: >>> >> > Hello >>> >> > I am trying to modify ACLs via the socket interface. When I try to >>> >> > do >>> >> > something like 'get acl', I get an error: >>> >> > >>> >> > Missing ACL identifier and/or key. >>> >> > >>> >> > How do I find the ACL identifier or key for a specific ACL? I see >>> >> > the >>> >> > list >>> >> > of ACLs when i do a 'show acl', but unsure which of these values is >>> >> > the >>> >> > file >>> >> > or key: >>> >> > >>> >> > # id (file) description >>> >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 >>> >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 >>> >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 >>> >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 >>> >> > >>> >> > Thanks >>> >> >>> >> Hi William, >>> >> >>> >> In order to be able to update ACL content, they must load their >>> >> content from a file. >>> >> The file name will be considered as a 'reference' you can point to >>> >> when updating content. >>> >> Don't forget to update simultaneously the content from an ACL and from >>> >> the flat file to make HAProxy reload reliable :) >>> >> >>> >> Baptiste >>> > >>> > >>> > >>> > >>> > -- >>> > William Jimenez >>> > Systems Engineer, Operations >>> > ItsOn, Inc. >>> > 650-241-8470 {us/pacific} >>> >>> >>> Hi William, >>> >>> In your configuration, you should load your acl like this: >>> acl myacl hdr(Host) -f /path/to/myhosthdr.acl >>> >>> then your file acl reference will be myhosthdr.acl. >>> >>> Baptiste >> >> >> >> >> -- >> William Jimenez >> Systems Engineer, Operations >> ItsOn, Inc. >> 650-241-8470 {us/pacific} > > > > > -- > William Jimenez > Systems Engineer, Operations > ItsOn, Inc. > 650-241-8470 {us/pacific}
William: 1. please stop top posting, it's getting hard to follow the thread! 2. please post your config file (or at least the relevant part of it) with the content of your acl file My guess is that you're misusing ACLs. Baptiste
