Let us look at how to set up haproxy acl multiple conditions. With the support of our Server management support services at Bobcares we will learn how to set this feature up.

Why set up HAProxy ACL multiple conditions?

An ACL is a collection of one or more criteria that are put to view in sequence, and the ACL is regarded to match if all conditions are true.

We can design more complicated traffic routing rules by employing several criteria in an ACL.

This is an example of an ACL with many conditions:

We setup two criteria in this example based on the User-Agent header: is mobile and is tablet.

The hdr reg keyword specifies a regular expression that matches the header value, whereas the -i option specifies a case-insensitive match.

The use backend keyword is then used to define the backend server to use if the condition is met.

If the User-Agent header satisfies the is mobile condition, we route traffic to the mobile backend, and if the User-Agent header matches the is tablet condition, we route traffic to the tablet backend.

It is important to note that the criteria are reviewed in sequence, thus if the first condition matches, the second condition is ignored.

HAProxy ACL multiple OR conditions

Let us go through an example to understand the setup process easily:

With Ubuntu 12.04, I’m using Haproxy 1.5.12.

We need to limit access to my website to requests coming from specific IP addresses or containing a predefined parameter.

As an example, the following request should only work from approved IP addresses:

http://www-test.example.com/page.php

Andwe can perform this request from any IP:

http://www-test.example.com/page.php?devtool=1

Here the ezsmaples ACL are given below:

And if these ACLs are utilized exclusively:

http-request deny if is_****_allowed

or

http-request deny if is_****_devtool
Consider combining them with an OR if I’m unable to reach the Site from a permitted IP address (inverting the tests doesn’t help):

http-request deny if is_****_allowed || is_****_devtool

Solution to the example condition to set up HAProxy ACL multiple conditions

The test we appear to wish to impose is as follows:

A && !(B || C)
but it isn’t logically equal to what we’ve just said, which is basically this:

(A && !B) || (A && !C)
The logical equivalent of A &&!(B || C) without the use of parentheses is really this:

A && !B && !C

So in this case we have to look for the following:

http-request deny if is_****_allowed !is_devtool

To put it another way, reject the request if —

• it matches  is_test  , and
• it doesn’t match  is_allowed  , and
• it doesn’t match  is_devtool

The rule does not match and does not refuse the request if any of these conditions become false (no **** permit, is devtool).

[Need assistance with similar queries? We are here to help]

Conclusion

To sum up we have now seen how to set up the HAProxy ACL multiple conditions. With the support of our Server management support services at Bobcares we have now gone through the whole setup process.