Hello everyone,
I have been using Haproxy for years but I still have trouble
understanding this part of the documentation:
7.2. Using ACLs to form conditions
A condition is formed as a disjunctive form:
[!]acl1 [!]acl2 ... [!]acln { or [!]acl1 [!]acl2 ... [!]acln } ...
first it does not work "as is" if i try something like that:
tcp-request connection reject if { or blacklist_manual tor_ips } !whitelist
it leads to : error detected in frontend 'http_all' while parsing 'if'
condition : unknown fetch method 'or' in ACL expression 'or'.
tcp-request connection reject if { blacklist_manual || tor_ips }
!whitelist does not work eather.
At the end i write something like that:
tcp-request connection reject if blacklist_manual !whitelist || tor_ips
!whitelist
It works but i'm still uncomfortable as i'm not really sure if it's
treated like this : (blacklist_manual !whitelist) || (tor_ips !whitelist)
The documentation on this topic should perhaps be improved, with more
examples with mixed AND/OR. Explain the priority for this type of
operators, and explain what the {or [ !]acl1 [ !]acl2 ... [!]acln }
really means
Thanks !