Hi, I'm trying to figure out the best way to match a source ip against an ip mapping file and make decisions based on that. What I'm now doing is this:
acl acl_is_xx src,map_ip(<map-file-1>) -m str xx acl acl_is_yy src,map_ip(<map-file-1>) -m str yy http-request set-header X-Test wasxx if acl_is_xx ... http-request set-header X-Test wasyy if acl_is_yy ... While this works my problem is that this requires two map look-ups. What i would really like to do is this (pseudo code): acl acl_value src,map_ip(<map-file-1>) -m copy http-request set-header X-Test wasxx if acl_value==xx http-request set-header X-Test wasyy if acl_value==yy That way you only would have to do one look-up in the map and then determine the the different cases based on simple string matches. As far as I can tell though ACLs only allow for matching and not for a straight forward copy like I tried to express with the "-m copy" above. Is there an alternative way to express something like this? Regards, Dennis