Below is my haproxy config file, the contents of both ACL files (Empty and we are only really using one in my example) as well as the steps I am taking to add and remove an ACL via the socket.
It appears that after the removal of the ACL haproxy still behaves as if the ACL is still in place.

----- Start of haproxy config -----
#---------------------------------------------------------------------
# Global settings
#---------------------------------------------------------------------
global
    # to have these messages end up in /var/log/haproxy.log you will
    # need to:
    #
    # 1) configure syslog to accept network log events. This is done
    #    by adding the '-r' option to the SYSLOGD_OPTIONS in
    #    /etc/sysconfig/syslog
    #
    # 2) configure local2 events to go to the /var/log/haproxy.log
    #    file. A line like the following can be added to
    #    /etc/sysconfig/syslog
    #
    #    local2.* /var/log/haproxy.log
    #
    chroot /var/lib/haproxy-chroot
    pidfile /var/run/haproxy.pid
    maxconn 4000
    user haproxy
    group haproxy
    daemon
    tune.ssl.default-dh-param 1024

    # turn on stats unix socket
    stats socket /var/run/haproxy.sock mode 600 level admin
    stats timeout 5s

#---------------------------------------------------------------------
# common defaults that all the 'listen' and 'backend' sections will
# use if not designated in their block
#---------------------------------------------------------------------
defaults
    mode http
    log global
    option dontlognull
    option forwardfor
    option http-server-close
    retries 3
    timeout queue 1m
    timeout connect 10s
    timeout client 1m
    timeout server 1m
    timeout http-keep-alive 10s
    timeout check 10s

#---------------------------------------------------------------------
# stats web
#---------------------------------------------------------------------
listen stats :8082
    mode http
    stats enable
    stats uri /

#---------------------------------------------------------------------
# frontends/backends below here
#---------------------------------------------------------------------
frontend main *:8000
    # ACLS
    acl bucket-none hdr(host) -i -f /etc/haproxy/acl.d/default.hosts.acl.conf
    acl bucket-main1-a hdr(host) -i -f /etc/haproxy/acl.d/main1-a.hosts.acl.conf

    # use backends based off ACL
    use_backend main0-a if bucket-none
    use_backend main1-a if bucket-main1-a

backend main0-a
    server server-main0-a 127.0.0.1:9000 check

backend main1-a
    server server-main1-a 127.0.0.1:9001 check
----- End of haproxy config -----

----- Start of contents of default.hosts.acl.conf -----
----- End of contents of default.hosts.acl.conf -----

----- Start of contents of main1-a.hosts.acl.conf -----
----- End of contents of main1-a.hosts.acl.conf -----

----- start of confirmation that backends work -----
$ curl http://localhost:9000
<html>0</html>
$ curl http://localhost:9001
<html>1</html>
----- end of confirmation that backends work -----

----- Confirmation that frontend does not work before adding acl via socket -----
$ curl -H 'Host: test.com' http://localhost:8000
<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>
----- End confirmation that frontend does not work before adding acl via socket -----

----- Adding of the test.com acl -----
$ echo "add acl /etc/haproxy/acl.d/default.hosts.acl.conf test.com" | socat /var/run/haproxy.sock stdio
Done.
----- End adding of the test.com acl -----

----- Confirmation that the ACL addition worked -----
$ curl -H 'Host: test.com' http://localhost:8000
<html>0</html>
----- End confirmation that the ACL addition worked -----

----- Deletion of ACL -----
$ echo "del acl /etc/haproxy/acl.d/default.hosts.acl.conf test.com" | socat /var/run/haproxy.sock stdio
Done.
----- End deletion of ACL -----

----- Start of Proof that for some reason haproxy behaves as if the acl still exists -----
$ curl -H 'Host: test.com' http://localhost:8000
<html>0</html>
----- End of Proof that for some reason haproxy behaves as if the acl still exists -----

- Kevin

