Hey,
are there some kind of global ACLs perhaps? I think that could be really
useful. In my case I have ~70 frontends and ~100 backends. I often use
the same ACLs on multiple frontends/backends for specific whitelisting
etc.
It would be extremely helpful to specify some of those ACLs in the
global scope and use it where needed without having to re-define it
again and again.
Technically that shouldn't be much different from what it does in the
local scope, shouldn't it?
So I guess the ACL is prepare once on startup, it shouldn't matter where
that is done. Using it so actually evaluating it is always (as before)
done in the local scope, depending on the actual Layer etc.
So adding support for global ACLs should be easy and helpful, or am I
wrong? Did I forgot something important here?
Example:
global
acl foo src 192.168.1.1
acl foobar hdr_ip(X-Forwarded-For,-1) 192.168.1.2 # This *might* be
a special case... Not yet further verified.
....
frontend example
....
use_backend ... if foo
use_backend ... if foobar
....
--
Regards,
Christian Ruppert