Henning Svane wrote:

I would like to do something like this

        acl AllowTraffic if XMail_autodiscover_Host
        acl AllowTraffic if XMail_Autodiscover_Path
        acl AllowTraffic if XMail_EAS
        acl AllowTraffic if XMail_ECP
        acl AllowTraffic if XMail_EWS
        acl AllowTraffic if XMail_MAPI
        acl AllowTraffic if XMail_OAB
        acl AllowTraffic if XMail_OWA
        acl AllowTraffic if XMail_RPC
        acl AllowTraffic if XMail_PowerShell
        http-request tarpit deny status 403 unless AllowTraffic

But I get errors from all the lines, both with or without if

ACLs in HAProxy cannot reference other ACLs and there is no "if" keyword in ACL definitions. Section 7.1 in the HAProxy manual gives a summary of the syntax of ACLs: https://docs.haproxy.org/3.2/configuration.html#7.1

If you already have ACLs named "XMail_Autodiscover_Path" and so on, you could leave out the "AllowTraffic" part completely and write your "http-request" statement like this:

http-request tarpit deny status 403 unless XMail_autodiscover_Host or XMail_Autodiscover_Path or XMail_EAS or XMail_ECP or XMail_EWS or XMail_MAPI or XMail_OAB or XMail_OWA or XMail_RPC or XMail_PowerShell

There are other ways to achieve similar results as well, but you will have to decide for yourself what kind of syntax is both intuitive to you and easy to maintain.


Jens
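
One of the other ways mentioned above, as an added example that is not part of the original reply: HAProxy ORs together all "acl" lines that share a name, so the allow-list can stay one rule per line as in the question. The section names, bind port, server address, hostname and path patterns are assumptions (the thread does not show how the XMail_* ACLs are defined), and the status keyword is written deny_status, the form "http-request tarpit" accepts.

```haproxy
# Added example, not from the thread. All names, addresses and patterns
# below are assumed placeholders; replace them with your own criteria.

defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s
    timeout tarpit  10s          # how long a tarpitted request is held

frontend fe_xmail
    bind :8080

    # Each line tests the request directly (no "if", no reference to
    # another ACL). Lines sharing the name AllowTraffic are ORed.
    acl AllowTraffic hdr(host) -i autodiscover.example.com
    acl AllowTraffic path_beg  -i /autodiscover
    acl AllowTraffic path_beg  -i /Microsoft-Server-ActiveSync
    acl AllowTraffic path_beg  -i /ecp
    acl AllowTraffic path_beg  -i /ews
    acl AllowTraffic path_beg  -i /mapi
    acl AllowTraffic path_beg  -i /oab
    acl AllowTraffic path_beg  -i /owa
    acl AllowTraffic path_beg  -i /rpc
    acl AllowTraffic path_beg  -i /powershell

    # path_beg is a plain prefix match: "/owa" also matches "/owa-old".
    # Use "/owa/" (or "path -i /owa") where that matters.

    # Default deny: anything not matched above is tarpitted, then gets 403.
    http-request tarpit deny_status 403 unless AllowTraffic

    default_backend be_xmail

backend be_xmail
    server xmail1 192.0.2.10:8080
```

Running "haproxy -c -f" on the file checks the syntax before a reload.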

