On Mon, Jul 7, 2014 at 8:31 PM, William Jimenez <william.jime...@itsoninc.com> wrote: > > > > On Thu, Jul 3, 2014 at 5:59 AM, Baptiste <bed...@gmail.com> wrote: >> >> On Thu, Jul 3, 2014 at 2:24 PM, Thierry FOURNIER <tfourn...@haproxy.com> >> wrote: >> > On Tue, 1 Jul 2014 23:00:13 +0200 >> > Baptiste <bed...@gmail.com> wrote: >> > >> >> On Tue, Jul 1, 2014 at 10:54 PM, William Jimenez >> >> <william.jime...@itsoninc.com> wrote: >> >> > Hello >> >> > I am trying to modify ACLs via the socket interface. When I try to do >> >> > something like 'get acl', I get an error: >> >> > >> >> > Missing ACL identifier and/or key. >> >> > >> >> > How do I find the ACL identifier or key for a specific ACL? I see the >> >> > list >> >> > of ACLs when i do a 'show acl', but unsure which of these values is >> >> > the file >> >> > or key: >> >> > >> >> > # id (file) description >> >> > 0 () acl 'always_true' file '/etc/haproxy/haproxy.cfg' line 19 >> >> > 1 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 20 >> >> > 2 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 21 >> >> > 3 () acl 'src' file '/etc/haproxy/haproxy.cfg' line 22 >> >> > >> >> > Thanks >> >> >> >> Hi William, >> >> >> >> In order to be able to update ACL content, they must load their >> >> content from a file. >> >> The file name will be considered as a 'reference' you can point to >> >> when updating content. >> >> Don't forget to update simultaneously the content from an ACL and from >> >> the flat file to make HAProxy reload reliable :) >> >> >> >> Baptiste >> >> >> > >> > Hi >> > >> > You can modify ACL without file. The identifier is the number prefixed >> > by the char '#', like this: >> > >> > add acl #1 127.0.0.1 >> > >> > get acl is used to debug acl. >> > >> > Thierry >> > >> > >> >> Yes, but acl number is not reliable, since it can change in time. >> Furthermore, it's easier to update content of a flat file than >> updating ACL values in HAproxy's configuration. >> >> Baptiste > > > Here is my config for reference: > >> global >> daemon >> maxconn 4096 >> chroot /var/lib/haproxy >> pidfile /var/run/haproxy.pid >> uid 99 >> gid 99 >> stats socket /var/lib/haproxy/stats level admin >> defaults >> mode http >> timeout connect 5000ms >> timeout client 50000ms >> timeout server 50000ms >> frontend 01-fend-in >> bind localhost:80 >> default_backend 01_bend >> acl myacl hdr(Host) -f /root/myacl >> #acl redir_true always_false >> redirect code 307 location http://example.com if redir_true >> backend ffd_bend >> option httpchk GET / >> option http-server-close >> server bend013 localhost:8180 check >> server bend012 localhost:8180 check > > > Thanks
Hello, We also need the content of /root/myacl. Also, your redir_true acl is commented despite being used, so this configuration is broken. Could you provide us one you tested and did not deliver you the expected behavior? Baptiste
