Dear all,

I’m trying to understand how ACL chains, e.g. for `http-request deny`, are 
executed, and whether they support short-circuiting.


Example:

acl1: ip in particular range
acl2: complex regex match with a long list of patterns

http-request deny acl1 !acl2


That would mean block the request if it fits the IP range of acl1 and does not 
match any of the patterns in the list of regexes.

I want to understand whether the evaluation is stopped after acl1 did not 
match, or if the long list of regexes is still executed?

My programmer’s intuition would expect that execution would stop when acl1 does 
not match.
The documentation mentions that unused ACLs don’t have performance impact, 
which would indicate the same.
When acl1 matches, of course the long list of regexes must be processed.

Thanks in advance,
Alex
