Let us look at how to set up haproxy acl multiple conditions. With the support of our Server management support services at Bobcares we will learn how to set this feature up.
Why set up HAProxy ACL multiple conditions?
An ACL is a collection of one or more criteria that are put to view in sequence, and the ACL is regarded to match if all conditions are true.
We can design more complicated traffic routing rules by employing several criteria in an ACL.
This is an example of an ACL with many conditions:
We setup two criteria in this example based on the User-Agent header: is mobile and is tablet.
The hdr reg keyword specifies a regular expression that matches the header value, whereas the -i option specifies a case-insensitive match.
The use backend keyword is then used to define the backend server to use if the condition is met.
If the User-Agent header satisfies the is mobile condition, we route traffic to the mobile backend, and if the User-Agent header matches the is tablet condition, we route traffic to the tablet backend.
It is important to note that the criteria are reviewed in sequence, thus if the first condition matches, the second condition is ignored.
HAProxy ACL multiple OR conditions
Let us go through an example to understand the setup process easily:
With Ubuntu 12.04, I’m using Haproxy 1.5.12.
We need to limit access to my website to requests coming from specific IP addresses or containing a predefined parameter.
As an example, the following request should only work from approved IP addresses:
http://www-test.example.com/page.php
Andwe can perform this request from any IP:
http://www-test.example.com/page.php?devtool=1
Here the ezsmaples ACL are given below:
And if these ACLs are utilized exclusively:
http-request deny if is_****_allowed
or
http-request deny if is_****_devtool
Consider combining them with an OR if I’m unable to reach the Site from a permitted IP address (inverting the tests doesn’t help):
http-request deny if is_****_allowed || is_****_devtool
Solution to the example condition to set up HAProxy ACL multiple conditions
The test we appear to wish to impose is as follows:
A && !(B || C)
but it isn’t logically equal to what we’ve just said, which is basically this:
(A && !B) || (A && !C)
The logical equivalent of A &&!(B || C) without the use of parentheses is really this:
A && !B && !C
So in this case we have to look for the following:
http-request deny if is_****_allowed !is_devtool
To put it another way, reject the request if —
- it matches is_test , and
- it doesn’t match is_allowed , and
- it doesn’t match is_devtool
The rule does not match and does not refuse the request if any of these conditions become false (no **** permit, is devtool).
[Need assistance with similar queries? We are here to help]
Conclusion
To sum up we have now seen how to set up the HAProxy ACL multiple conditions. With the support of our Server management support services at Bobcares we have now gone through the whole setup process.
PREVENT YOUR SERVER FROM CRASHING!
Never again lose customers to poor server speed! Let us help you.
Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.
var google_conversion_label = "owonCMyG5nEQ0aD71QM";
0 Comments