On Tue, May 08, 2012 at 08:35:26PM +0100, Jonathan Matthews wrote: > On 8 May 2012 20:24, Emmanuel Bézagu <emmanuel.bez...@gmail.com> wrote: > > > > you're right but this works only with a single protocol managed by haproxy, > > doesn't it ? > > My idea was to have an ACL for each of these standard protocols in order to > > have a specific backend. > > 1) That's why there are different ports for different protocols; just > put haproxy on each protocol's native port;
I think understand what Emmanuel is trying to do : use a single incoming port for multiple protocols when it's not easy/possible to open more. Sometimes you really need this on home networks. But even in professional networks you might need to control that the incoming traffic is what you expect it to be. Emmanuel, with 1.5-dev9 that I just released a few minutes ago, you can have your ACLs match arbitrary payload contents. However this means that your protocols need to talk first (eg: not like SSH/SMTP/FTP) and that you know what to check there at precise locations. > 2) MY EYES THEY BURN! > > Seriously, Comic Sans when posting to mailing lists? Didn't your > mother teach you /any/ manners? > > ;-) Jonathan, are you reading a mailing list in HTML ? Seriously ? Didn't your mother tell you that reading mails in HTML format was the best way to catch malware and to contribute to botnets, especially when these are public lists ? Shame on you both then ! :-) Willy
