On Tue, Jul 15, 2014 at 12:40 AM, [email protected] <[email protected]> wrote: > Hi folks, > > > I've a question regarding the ordering/processing of ACL's. > > > > Example (HAProxy 1.4.24): > > > ---- > > frontend http_in > . > . > > > acl is_example.com hdr_beg(host) -i example.com > > acl check_id url_reg code=(1001|1002|............) > > acl check_id url_reg code=(3000|4001|............) > > use_backend node01 if is_example.com check_id > > > > acl is_example.de hdr_beg(host) -i example.de > > acl check_id url_reg code=(6573|7890) > > use_backend node02 if is_example.de check_id > > > ---- > > > > I assumed that the "check_id" - ACL from the second block wouldn't be > combined/OR'ed with the 2 "check_id" - ACL's from the first block > (because of the other configuration statements in between). > > > > But they are combined/OR'ed, is this behavior intended ? > > > > Thanks, > ------------------- > > Bjoern >
Hi Bjoern, ACLs are processed only if they are called by a directive. When many ACLs are called by a directive, an implicit logical AND is applied. an explicit logical OR can be declared as well when a AND is applied between many ACLs, HAProxy stops processing them as soon as one is wrong when a OR is applied between many ACLs, HAProxy stops processing them as soon as one is true some ACLs are cheaper to run than other, make your choice :) Side note, to avoid any mistake in your conf: acl is_example.de hdr_beg(host) -i example.de => this will match http://example.de/path/path/blah.php or http://example.de.google.com/path/path/blah.php you might want to match this: acl is_example.de hdr_end(host) -i example.de Baptiste
