hello,
i run two sets of servers, each with an haproxy layer. one set is:
HA-Proxy version 1.4.8 2010/06/16
the other is:
HA-Proxy version 1.4-dev3 2009/09/23
i am using an external file with a long list of referers that i want
to block. in both server sets, it is invoked like so:
acl invalid_referer hdr_sub(referer) -i -f /etc/haproxy/banned.haproxy.conf
block if invalid_referer
on set 1 (1.4.8), this works fine, those referers get 403's, and i get
log lines like:
Jan 25 15:28:56 127.0.0.1 haproxy[30545]: 127.0.0.1:9921
[25/Jan/2011:15:28:56.240] yfrog_web yfrog_web/<NOSRV> 0/-1/-1/-1/0
403 188 - - PR-- 82/6/0/0/0 0/0 {yfrog.com|linkbucks.com|172.31.0.86}
"HEAD / HTTP/1.0"
it's blocked, i see the nice NOSRV and PR--
on the other server set (1.4-dev3), the config passes the syntax
check, but matching referers are not blocked:
Jan 25 15:31:00 127.0.0.1 haproxy[27166]: 172.31.0.86:52592
[25/Jan/2011:15:31:00.545] main local_nginx/127.0.0.1:14000
0/0/0/70/92 200 1251 - - ---- 772/772/488/487/0 0/0 {linkbucks.com}
"HEAD / HTTP/1.1"
the configurations are very nearly identical, except that in set 1 i
invoke the ACL in a "frontend" section, and in set 2 i invoke it in a
"listen" section. per
http://haproxy.1wt.eu/download/1.5/src/CHANGELOG, support for -f was
added in 1.4-dev1:
- [MEDIUM] config: support loading multiple configuration files
am i missing something?
thanks much,
-r
--
Robert Joseph
ImageShack Corp
Free Image Hosting
www.imageshack.us
