I try to understand how to use the -M ACL flag.

From the documentation : 

The "-M" flag allows an ACL to use a map file. If this flag is set, the file is
parsed as two column file. The first column contains the patterns used by the
ACL, and the second column contain the samples. The sample can be used later by
a map. This can be useful in some rare cases where an ACL would just be used to
check for the existence of a pattern in a map before a mapping is applied.

How can we use "samples" in a map ?

Could you provide an example ?

What I'm looking for is a way find all IPs allowed for a hostname and then 
filter by these IPs from a map file, ie be able to do something like: 
%[req.fhdr(host),lower,map(/etc/haproxy/domains.map,default_backend)]  if { src 
-m ip %[req.fhdr(host),lower,map(/etc/haproxy/iprules.map)] }
with /etc/haproxy/iprules.map containing : 
hostname1 ip1
hostname1 ip2
hostname2 ip1
hostname2 ip3
hostname2 ip4

Did I miss something obvious ?

Thank you.


Reply via email to