On Thu, Jul 3, 2014 at 5:59 AM, Baptiste <bed...@gmail.com> wrote:

> On Thu, Jul 3, 2014 at 2:24 PM, Thierry FOURNIER <tfourn...@haproxy.com> wrote:
> > On Tue, 1 Jul 2014 23:00:13 +0200
> > Baptiste <bed...@gmail.com> wrote:
> >
> >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez
> >> <william.jime...@itsoninc.com> wrote:
> >> > Hello
> >> > I am trying to modify ACLs via the socket interface. When I try to do
> >> > something like 'get acl', I get an error:
> >> >
> >> > Missing ACL identifier and/or key.
> >> >
> >> > How do I find the ACL identifier or key for a specific ACL? I see the list
> >> > of ACLs when I do a 'show acl', but unsure which of these values is the file
> >> > or key:
> >> >
> >> > # id (file) description
> >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
> >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
> >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21
> >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22
> >> >
> >> > Thanks
> >>
> >> Hi William,
> >>
> >> In order to be able to update ACL content, they must load their
> >> content from a file.
> >> The file name will be considered as a 'reference' you can point to
> >> when updating content.
> >> Don't forget to update simultaneously the content from an ACL and from
> >> the flat file to make HAProxy reload reliable :)
> >>
> >> Baptiste
> >>
> >
> > Hi
> >
> > You can modify ACL without file. The identifier is the number prefixed
> > by the char '#', like this:
> >
> > add acl #1 127.0.0.1
> >
> > get acl is used to debug acl.
> >
> > Thierry
> >
>
> Yes, but acl number is not reliable, since it can change in time.
> Furthermore, it's easier to update content of a flat file than
> updating ACL values in HAProxy's configuration.
>
> Baptiste

Here is my config for reference:

global
    daemon
    maxconn 4096
    chroot /var/lib/haproxy
    pidfile /var/run/haproxy.pid
    uid 99
    gid 99
    stats socket /var/lib/haproxy/stats level admin

defaults
    mode http
    timeout connect 5000ms
    timeout client 50000ms
    timeout server 50000ms

frontend 01-fend-in
    bind localhost:80
    default_backend 01_bend
    acl myacl hdr(Host) -f /root/myacl
    #acl redir_true always_false
    redirect code 307 location http://example.com if redir_true

backend ffd_bend
    option httpchk GET /
    option http-server-close
    server bend013 localhost:8180 check
    server bend012 localhost:8180 check

Thanks
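
Added example, not part of the thread and not HAProxy's own code: a small Python helper that parses 'show acl' output and picks the reference to pass to 'add acl', preferring the file name over the '#<id>' form for the reason given in the replies. The function names are hypothetical, and the sample row for the file-backed ACL is constructed (its description text is made up); only the "id (file) description" column layout is taken from the output quoted above.

```python
import re
import socket

# Constructed sample in the "# id (file) description" layout quoted in the thread.
# The id 2 row is a made-up entry for an ACL loaded with "-f /root/myacl".
SAMPLE_SHOW_ACL = """\
# id (file) description
0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19
1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20
2 (/root/myacl) pattern loaded from file '/root/myacl'
"""

ROW = re.compile(r"^(\d+) \(([^)]*)\) (.*)$")

def parse_show_acl(text):
    """Return (id, file, description) tuples; header and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append((int(m.group(1)), m.group(2), m.group(3)))
    return rows

def acl_reference(row):
    """File name if the ACL is file-backed (stable), otherwise '#<id>' (can change)."""
    acl_id, acl_file, _ = row
    return acl_file if acl_file else "#%d" % acl_id

def find_reference(text, needle):
    """Reference of the single ACL whose file or description contains needle."""
    hits = [r for r in parse_show_acl(text) if needle in r[1] or needle in r[2]]
    if len(hits) != 1:
        raise LookupError("%d ACLs match %r; refine the search" % (len(hits), needle))
    return acl_reference(hits[0])

def run_command(sock_path, command):
    """Send one command to the stats socket and return the reply (read until EOF)."""
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect(sock_path)
        s.sendall(command.encode() + b"\n")
        return b"".join(iter(lambda: s.recv(4096), b"")).decode()

if __name__ == "__main__":
    # Offline demo on the constructed sample; prints the command that would be sent.
    print("add acl %s example.org" % find_reference(SAMPLE_SHOW_ACL, "/root/myacl"))
```

Against a live instance, the text passed to find_reference would come from run_command("/var/lib/haproxy/stats", "show acl"), using the socket path from the posted config.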