Hi Robert,

On Wednesday 26 January 2011 00:39:53, Robert Joseph wrote:
> hello,
>
> i run two sets of servers, each with an haproxy layer. one set is:
> HA-Proxy version 1.4.8 2010/06/16
>
> the other is:
> HA-Proxy version 1.4-dev3 2009/09/23

It looks funny to see such a version in use, but it can be dangerous as it was an early version of the 1.4 branch.

> i am using an external file with a long list of referers that i want
> to block. in both server sets, it is invoked like so:
> acl invalid_referer hdr_sub(referer) -i -f /etc/haproxy/banned.haproxy.conf
> block if invalid_referer
>
> on set 1 (1.4.8), this works fine, those referers get 403's, and i get
> log lines like:
> Jan 25 15:28:56 127.0.0.1 haproxy[30545]: 127.0.0.1:9921 [25/Jan/2011:15:28:56.240] yfrog_web yfrog_web/<NOSRV> 0/-1/-1/-1/0 403 188 - - PR-- 82/6/0/0/0 0/0 {yfrog.com|linkbucks.com|172.31.0.86} "HEAD / HTTP/1.0"
>
> it's blocked, i see the nice NOSRV and PR--
>
> on the other server set (1.4-dev3), the config passes the syntax
> check, but matching referers are not blocked:

This feature only appeared in haproxy 1.4.5 (I guess that previous versions will try to find a "-f" referer, not sure about that).

From the changelog:
2010/05/13 : 1.4.5
- [MINOR] acl: support loading values from files

> the configurations are very nearly identical, except that in set 1 i
> invoke the ACL in a "frontend" section, and in set 2 i invoke it in a
> "listen" section. per
> http://haproxy.1wt.eu/download/1.5/src/CHANGELOG, support for -f was
> added in 1.4-dev1:
> - [MEDIUM] config: support loading multiple configuration files
>
> am i missing something?

Oh ok, this is not the same "-f" at all. The one you quote is for the command line options, to "explode" the haproxy configuration file in several ones.

-- 
Cyril Bonté
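
Added example, not part of the original message or of HAProxy itself: a pre-deployment check that flags `acl ... -f <file>` lines when the `haproxy -v` banner is older than 1.4.5, the case in this thread where the config passes the syntax check but the block list is never applied. The function names and the `listen web` section name are hypothetical; the 1.4.5 threshold comes from the reply above, and treating every later release as supporting the feature is an assumption.

```python
import re

# From the reply above: acl "-f <file>" loading first appeared in haproxy 1.4.5.
# Assumption: every later release and branch keeps the feature.
ACL_FILE_MIN = (1, 4, 5)

def parse_version(banner):
    """Turn an 'HA-Proxy version ...' banner into a comparable tuple.
    A -devN snapshot precedes every release of its branch, so patch = -1."""
    m = re.search(r"version\s+(\d+)\.(\d+)(?:\.(\d+)|-dev(\d+))?", banner)
    if not m:
        raise ValueError("unrecognised version banner: %r" % banner)
    major, minor = int(m.group(1)), int(m.group(2))
    if m.group(4) is not None:
        return (major, minor, -1)
    return (major, minor, int(m.group(3) or 0))

def acl_file_lines(config_text):
    """Return (line_number, text) for each acl statement that passes -f."""
    hits = []
    for number, raw in enumerate(config_text.splitlines(), 1):
        tokens = raw.split("#", 1)[0].split()   # drop trailing comments
        # acl <name> <criterion> [flags] <values>: flags start at index 3
        if tokens and tokens[0] == "acl" and "-f" in tokens[3:]:
            hits.append((number, raw.strip()))
    return hits

def check(banner, config_text):
    """List acl -f lines in a config meant for a build that predates 1.4.5."""
    if parse_version(banner) >= ACL_FILE_MIN:
        return []
    return acl_file_lines(config_text)

# Constructed sample: the section name is made up; the acl/block lines and
# both version banners are the ones quoted in the thread.
SAMPLE_CONFIG = """\
listen web
    acl invalid_referer hdr_sub(referer) -i -f /etc/haproxy/banned.haproxy.conf
    block if invalid_referer
"""
BANNERS = ["HA-Proxy version 1.4.8 2010/06/16",
           "HA-Proxy version 1.4-dev3 2009/09/23"]

if __name__ == "__main__":
    for banner in BANNERS:
        findings = check(banner, SAMPLE_CONFIG)
        print(banner, "->", "ok" if not findings else "acl -f NOT supported:")
        for number, text in findings:
            print("  line %d: %s" % (number, text))
```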