[prev in list] [next in list] [prev in thread] [next in thread] 

List:       haproxy
Subject:    Re: Multipart ACLs
From:       Willy Tarreau <w () 1wt ! eu>
Date:       2009-12-21 6:18:48
Message-ID: 20091221061847.GA20189 () 1wt ! eu
[Download RAW message or body]

On Sun, Dec 20, 2009 at 11:26:43PM -0500, Ben Koski wrote:
> I'm a little confused about multipart ACLs.  Are conditions ORed or ANDed
> together as they're added on?
> 
> For example, what should happen when I set up the following?
> 
> acl my_cond hdr_dom(host) site1.com
> acl my_cond path_beg /special-case
> 
> use_backend www2 if my_cond
> default_backend www1
> 
> Should my request be routed to www2 if it is to site1.com AND /special-case,
> or if it matches either site1.com -or- /special-case ?

It's an OR. The purpose is not to be used like that, but rather have
an ACL which indicates a match that can come from multiple places.
Here are a few examples :

    acl static hdr_beg(host) static.
    acl static hdr_beg(host) images.
    acl static hdr_beg(host) video.

    acl localhost src 127.0.0.1
    acl localhost hdr(host) -i localhost
    acl localhost hdr_ip(host) 127.0.0.1

    acl forbidden_req hdr_cnt(content-length) gt 1
    acl forbidden_req hdr_cnt(host) ne 1
    acl forbidden_req hdr_cnt(max-forwards) ne 1
    acl forbidden_req url_reg ^[^:/]*://

You see ? it's really for having one single variable be true in such
circumstances. This becomes more obvious when using real ACL names
which indicate the purpose of the ACL.

Regards,
Willy


[prev in list] [next in list] [prev in thread] [next in thread]