On Fri, Oct 09, 2015 at 01:36:57PM +0300, Jarno Huuskonen wrote:
> Hi,
>
> On Fri, Oct 09, Sébastien LECOMTE wrote:
> [...]
> > acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24
> > 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26
> > 91.237.72.4
>
> [...]
>
> >
Lukas,
Le 08/10/2015 23:47, Lukas Tribus a écrit :
> You really need to post the actual configuration, because we don't
> have any idea what you are trying to do and how you configured it.
>
> But yes, 213.254.248.96/27 covers 32 IPs starting from 213.254.248.96
> until 213.254.248.127.
Yes…
Le 09/10/2015 12:36, Jarno Huuskonen a écrit :
> Maybe req.hdr_ip would work better ?
> (https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hdr_ip)
OK. Thanks.
Hi,
On Fri, Oct 09, Sébastien LECOMTE wrote:
[...]
> acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24
> 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26
> 91.237.72.4
[...]
> http-request allow if private_domain allowed_clients
> http-request deny if
> acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 [...]
This is a *string* comparison. You will have to use "req.hdr_ip" [1]:
acl allowed_clients req.hdr_ip(X-Real-IP,-1) 10.10.200.0/24 [...]
Regards,
Lukas
[1]
Le 09/10/2015 12:41, Lukas Tribus a écrit :
> This is a *string* comparison. You will have to use "req.hdr_ip" [1]:
>
> acl allowed_clients req.hdr_ip(X-Real-IP,-1) 10.10.200.0/24 [...]
Oh damned.
Thanks a lot… I'll try this right now.
> Hi!
>
> I'd like to report a bug I do experience,
> maybe I'm not the first one to report it:
> it's about IP network ranges and acl in haproxy (1.5.8).
> It's working… sometimes.
> I have no issue with ranges like /24 (like 10.10.200.0/24)
> But it is not working with a range like /22 ; /28 ;
7 matches
Mail list logo