ACL ordering/processing

[bjun...@gmail.com]

Hi folks,


I've a question regarding the ordering/processing of ACL’s.



Example (HAProxy 1.4.24):




frontend http_in
.
.


acl  is_example.com  hdr_beg(host) -i example.com

acl  check_id  url_reg   code=(1001|1002|)

acl  check_id  url_reg   code=(3000|4001|)

use_backend  node01 if  is_example.com  check_id



acl  is_example.de  hdr_beg(host) -i example.de

acl  check_id  url_reg   code=(6573|7890)

use_backend  node02 if  is_example.de  check_id






I assumed that the “check_id” - ACL from the second block wouldn’t be
combined/OR’ed with the 2 “check_id” - ACL’s from the first block
(because of the other configuration statements in between).



But they are combined/OR’ed, is this behavior intended ?



Thanks,
---

Bjoern

Re: ACL ordering/processing

[Cyril Bonté]

Hi,

Le 15/07/2014 00:40, bjun...@gmail.com a écrit :

Hi folks,

I've a question regarding the ordering/processing of ACL’s.

Example (HAProxy 1.4.24):



frontend http_in

acl  is_example.com  hdr_beg(host) -i example.com
acl  check_id  url_reg   code=(1001|1002|)
acl  check_id  url_reg   code=(3000|4001|)

use_backend  node01 if  is_example.com  check_id

acl  is_example.de  hdr_beg(host) -i example.de
acl  check_id  url_reg   code=(6573|7890)

use_backend  node02 if  is_example.de  check_id



I assumed that the “check_id” - ACL from the second block wouldn’t be
combined/OR’ed with the 2 “check_id” - ACL’s from the first block
(because of the other configuration statements in between).

But they are combined/OR’ed, is this behavior intended ?


Yes, it is ;-)
acl scope is global to the frontend/backend where it has been declared.

--
Cyril Bonté