Hello, Thank you for the repport. It is fixed. The patches will be integrated in the 1.6 and 1.5 branches ASAP.
Thierry On Tue, 3 Feb 2015 15:58:08 -0700 KJ Rasmussen <kj_...@hotmail.com> wrote: > Below is my haproxy config file, the contents of > both ACL files (Empty and we are only really using one in my example) as > well as the steps I am taking to add and remove an ACL via the socket. > > It appears that after the removal of the ACL haproxy still behaves as if the > ACL is still in place. > > ----- Start of haproxy config ----- > #--------------------------------------------------------------------- > # Global settings > #--------------------------------------------------------------------- > global > # to have these messages end up in /var/log/haproxy.log you will > # need to: > # > # 1) configure syslog to accept network log events. This is done > # by adding the '-r' option to the SYSLOGD_OPTIONS in > # /etc/sysconfig/syslog > # > # 2) configure local2 events to go to the /var/log/haproxy.log > # file. A line like the following can be added to > # /etc/sysconfig/syslog > # > # local2.* /var/log/haproxy.log > # > chroot /var/lib/haproxy-chroot > pidfile /var/run/haproxy.pid > maxconn 4000 > user haproxy > group haproxy > daemon > tune.ssl.default-dh-param 1024 > > # turn on stats unix socket > stats socket /var/run/haproxy.sock mode 600 level admin > stats timeout 5s > > #--------------------------------------------------------------------- > # common defaults that all the 'listen' and 'backend' sections will > # use if not designated in their block > #--------------------------------------------------------------------- > defaults > mode http > log global > option dontlognull > option forwardfor > option http-server-close > retries 3 > timeout queue 1m > timeout connect 10s > timeout client 1m > timeout server 1m > timeout http-keep-alive 10s > timeout check 10s > > #--------------------------------------------------------------------- > # stats web > #--------------------------------------------------------------------- > listen stats :8082 > mode http > stats enable > stats uri / > > #--------------------------------------------------------------------- > # frontends/backends below here > #--------------------------------------------------------------------- > frontend main *:8000 > > # ACLS > acl bucket-none hdr(host) -i -f /etc/haproxy/acl.d/default.hosts.acl.conf > acl bucket-main1-a hdr(host) -i -f /etc/haproxy/acl.d/main1-a.hosts.acl.conf > > # use backends based off ACL > use_backend main0-a if bucket-none > use_backend main1-a if bucket-main1-a > > backend main0-a > server server-main0-a 127.0.0.1:9000 check > backend main1-a > server server-main1-a 127.0.0.1:9001 check > > ----- End of haproxy config ----- > > ----- Start of contents of default.hosts.acl.conf ----- > ----- End of contents of default.hosts.acl.conf ----- > > ----- Start of contents of main1-a.hosts.acl.conf ----- > ----- End of contents of main1-a.hosts.acl.conf ----- > > ----- start of confirmation that backends work ----- > $ curl http://localhost:9000 > <html>0</html> > $ curl http://localhost:9001 > <html>1</html> > ----- end of confirmation that backends work ----- > > ----- Confirmation that frontend does not work before adding acl via socket > ----- > $ curl -H 'Host: test.com' http://localhost:8000 > <html><body><h1>503 Service Unavailable</h1> > No server is available to handle this request. > </body></html> > ----- End confirmation that frontend does not work before adding acl via > socket ----- > > ----- Adding of the test.com acl ----- > $ echo "add acl /etc/haproxy/acl.d/default.hosts.acl.conf test.com" | socat > /var/run/haproxy.sock stdio > Done. > ----- End adding of the test.com acl ----- > > ----- Confirmation that the ACL additon worked ----- > $ curl -H 'Host: test.com' http://localhost:8000 > <html>0</html> > ----- End confirmation that the ACL additon worked ----- > > ----- Deletion of ACL ----- > $ echo "del acl /etc/haproxy/acl.d/default.hosts.acl.conf test.com" | socat > /var/run/haproxy.sock stdio > Done. > ----- End deletion of ACL ----- > > ----- Start of Proof that for some reason haproxy behaves as if the acl still > exists ----- > $ curl -H 'Host: test.com' http://localhost:8000 > <html>0</html> > ----- End of Proof that for some reason haproxy behaves as if the acl still > exists ----- > > > - Kevin
