On Thu, 3 Jul 2014 14:59:46 +0200 Baptiste <[email protected]> wrote: > On Thu, Jul 3, 2014 at 2:24 PM, Thierry FOURNIER <[email protected]> > wrote: > > On Tue, 1 Jul 2014 23:00:13 +0200 > > Baptiste <[email protected]> wrote: > > > >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez > >> <[email protected]> wrote: > >> > Hello > >> > I am trying to modify ACLs via the socket interface. When I try to do > >> > something like 'get acl', I get an error: > >> > > >> > Missing ACL identifier and/or key. > >> > > >> > How do I find the ACL identifier or key for a specific ACL? I see the > >> > list > >> > of ACLs when i do a 'show acl', but unsure which of these values is the > >> > file > >> > or key: > >> > > >> > # id (file) description > >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 > >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 > >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 > >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 > >> > > >> > Thanks > >> > >> Hi William, > >> > >> In order to be able to update ACL content, they must load their > >> content from a file. > >> The file name will be considered as a 'reference' you can point to > >> when updating content. > >> Don't forget to update simultaneously the content from an ACL and from > >> the flat file to make HAProxy reload reliable :) > >> > >> Baptiste > >> > > > > Hi > > > > You can modify ACL without file. The identifier is the number prefixed > > by the char '#', like this: > > > > add acl #1 127.0.0.1 > > > > get acl is used to debug acl. > > > > Thierry > > > > > > Yes, but acl number is not reliable, since it can change in time. > Furthermore, it's easier to update content of a flat file than > updating ACL values in HAproxy's configuration.
Absolutely not: you can fix the id of the acl with the "-u" flag. With this, the acl have a fix numeric identifier. This method permits to have reliable ACL pattern without a fake file. example: acl myacl hdr(Host) -u 10 www.foo.com www.bar.com In this example, the value "10" is the unique identifier of the acl. You can see the documentation about ACL in the famous cyril haproxy web documention: http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.1 Thierry
