Hi, On Fri, Oct 09, Sébastien LECOMTE wrote: [...] > acl allowed_clients hdr_sub(X-Real-IP) 10.10.200.0/24 > 213.200.107.128/25 213.254.248.96/27 62.72.112.128/28 84.199.92.128/26 > 91.237.72.4
[...] > http-request allow if private_domain allowed_clients > http-request deny if private_domain !allowed_clients > http-request allow if public_domain AFAIK hdr_sub(X-Real-IP) returns a string (for example 10.10.200.66) and you're comparing it to string 10.10.200.0/24 ? Maybe req.hdr_ip would work better ? (https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#7.3.6-req.hdr_ip) -Jarno -- Jarno Huuskonen
