On Tue, Jul 15, 2014 at 7:14 PM, Pavlos Parissis
<[email protected]> wrote:
> On 15/07/2014 05:49 PM, Baptiste wrote:
>> On Tue, Jul 15, 2014 at 12:40 AM, [email protected] <[email protected]> 
>> wrote:
>>> Hi folks,
>>>
>>>
>>> I've a question regarding the ordering/processing of ACLs.
>>>
>>>
>>>
>>> Example (HAProxy 1.4.24):
>>>
>>>
>>> ----
>>>
>>> frontend http_in
>>> .
>>> .
>>>
>>> acl  is_example.com  hdr_beg(host) -i example.com
>>> acl  check_id  url_reg   code=(1001|1002|............)
>>> acl  check_id  url_reg   code=(3000|4001|............)
>>> use_backend  node01 if  is_example.com  check_id
>>>
>>> acl  is_example.de  hdr_beg(host) -i example.de
>>> acl  check_id  url_reg   code=(6573|7890)
>>> use_backend  node02 if  is_example.de  check_id
>>>
>>> ----
>>>
>>>
>>>
>>> I assumed that the "check_id" - ACL from the second block wouldn't be
>>> combined/OR'ed with the 2 "check_id" - ACLs from the first block
>>> (because of the other configuration statements in between).
>>>
>>>
>>>
>>> But they are combined/OR'ed, is this behavior intended?
>>>
>>>
>>>
>>> Thanks,
>>> -------------------
>>>
>>> Bjoern
>>>
>>
>> Hi Bjoern,
>>
>> ACLs are processed only if they are called by a directive.
>> When many ACLs are called by a directive, an implicit logical AND is applied.
>> An explicit logical OR can be declared as well.
>> When an AND is applied between many ACLs, HAProxy stops processing them
>> as soon as one is wrong.
>> When an OR is applied between many ACLs, HAProxy stops processing them
>> as soon as one is true.
>>
>> Some ACLs are cheaper to run than others, make your choice :)
>>
>> Side note, to avoid any mistake in your conf:
>>   acl  is_example.de  hdr_beg(host) -i example.de
>> => this will match http://example.de/path/path/blah.php
>>      or  http://example.de.google.com/path/path/blah.php
>>
>> you might want to match this:
>>   acl  is_example.de  hdr_end(host) -i example.de
>>
>
>
> Is URI part of Host header?
>
> Cheers,
> Pavlos
>
>
>

Hi Pavlos,

not at all, sorry for the confusion.
Your browser should split your URL in 2 parts:
- Host header containing the hostname of the service
- url path

http://my.domain.tld/path will be sent as

GET /path HTTP/1.1
Host: my.domain.tld


Baptiste
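
The routing behaviour discussed in this thread, as an added example that is not part of the original messages and is not HAProxy code: a simplified Python model in which repeated declarations of one ACL name are ORed, names on one `use_backend` are ANDed, and `hdr_beg` is a prefix test on the Host header. `Frontend`, `hdr_str`, `separated()` and the per-site ACL names `check_id_com` / `check_id_de` are assumptions made for the illustration.

```python
import re

# Simplified model of the ACL semantics discussed in this thread (assumption:
# not HAProxy code; Frontend and the helper names are hypothetical).
def hdr_beg(p): return lambda host, url: host.lower().startswith(p)
def hdr_end(p): return lambda host, url: host.lower().endswith(p)
def hdr_str(p): return lambda host, url: host.lower() == p
def url_reg(p): return lambda host, url: re.search(p, url) is not None

class Frontend:
    def __init__(self):
        self.acls = {}   # name -> tests; repeated declarations of a name are ORed
        self.rules = []  # (backend, acl names); names on one rule are ANDed

    def acl(self, name, test):
        self.acls.setdefault(name, []).append(test)

    def use_backend(self, backend, *names):
        self.rules.append((backend, names))

    def route(self, host, url):
        # Every declaration of a name counts, wherever it sits in the frontend.
        for backend, names in self.rules:
            if all(any(t(host, url) for t in self.acls[n]) for n in names):
                return backend
        return None

def as_posted():
    # The thread's config; codes elided there ("....") are left out here.
    fe = Frontend()
    fe.acl("is_example.com", hdr_beg("example.com"))
    fe.acl("check_id", url_reg(r"code=(1001|1002)"))
    fe.acl("check_id", url_reg(r"code=(3000|4001)"))
    fe.use_backend("node01", "is_example.com", "check_id")
    fe.acl("is_example.de", hdr_beg("example.de"))
    fe.acl("check_id", url_reg(r"code=(6573|7890)"))
    fe.use_backend("node02", "is_example.de", "check_id")
    return fe

def separated():
    # Assumed rewrite: one ACL name per site, exact Host comparison.
    fe = Frontend()
    fe.acl("is_example.com", hdr_str("example.com"))
    fe.acl("check_id_com", url_reg(r"code=(1001|1002|3000|4001)"))
    fe.use_backend("node01", "is_example.com", "check_id_com")
    fe.acl("is_example.de", hdr_str("example.de"))
    fe.acl("check_id_de", url_reg(r"code=(6573|7890)"))
    fe.use_backend("node02", "is_example.de", "check_id_de")
    return fe
```

In this model `hdr_end("example.de")` also accepts a constructed host such as `notexample.de`, which is why `separated()` compares the whole Host value.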
