On 15/07/2014 05:49 μμ, Baptiste wrote: > On Tue, Jul 15, 2014 at 12:40 AM, bjun...@gmail.com <bjun...@gmail.com> wrote: >> Hi folks, >> >> >> I've a question regarding the ordering/processing of ACL's. >> >> >> >> Example (HAProxy 1.4.24): >> >> >> ---- >> >> frontend http_in >> . >> . >> >> >> acl is_example.com hdr_beg(host) -i example.com >> >> acl check_id url_reg code=(1001|1002|............) >> >> acl check_id url_reg code=(3000|4001|............) >> >> use_backend node01 if is_example.com check_id >> >> >> >> acl is_example.de hdr_beg(host) -i example.de >> >> acl check_id url_reg code=(6573|7890) >> >> use_backend node02 if is_example.de check_id >> >> >> ---- >> >> >> >> I assumed that the "check_id" - ACL from the second block wouldn't be >> combined/OR'ed with the 2 "check_id" - ACL's from the first block >> (because of the other configuration statements in between). >> >> >> >> But they are combined/OR'ed, is this behavior intended ? >> >> >> >> Thanks, >> ------------------- >> >> Bjoern >> > > Hi Bjoern, > > ACLs are processed only if they are called by a directive. > When many ACLs are called by a directive, an implicit logical AND is applied. > an explicit logical OR can be declared as well > when a AND is applied between many ACLs, HAProxy stops processing them > as soon as one is wrong > when a OR is applied between many ACLs, HAProxy stops processing them > as soon as one is true > > some ACLs are cheaper to run than other, make your choice :) > > Side note, to avoid any mistake in your conf: > acl is_example.de hdr_beg(host) -i example.de > => this will match http://example.de/path/path/blah.php > or http://example.de.google.com/path/path/blah.php > > you might want to match this: > acl is_example.de hdr_end(host) -i example.de >
Is URI part of Host header? Cheers, Pavlos
signature.asc
Description: OpenPGP digital signature
