HAProxy ACL Rules Get Merged Incorrectly?
-
I'm trying to build out the config on this blog (http://loredo.me/post/116633549315/geeking-out-with-haproxy-on-pfsense-the-ultimate), but it appears that the acl rules getting generated from the GUI do not match his configuration.
I don't have my generated configuration handy (will post later today), but it appears that when you build the handful of acl rules on each of the shared frontends and use the 'NOT' option, the merged ruleset treats the entire ACL as 'NOT' rather than individual ACL rules.
Specifically the sections that seem to be applied incorrectly are in this section of his tutorial:
Name: WAN_443_HTTPS Description: HTTPS Shared Frontend: Yes Primary Frontend: WAN_443 Backend Server Pool: WAN_HTTPS Access Control lists: NAME=acl EXPR=Custom NOT=no VALUE=req.ssl_hello_type 1 NAME=acl EXPR=Custom NOT=yes VALUE=req.ssl_sni -m end -i .vpn.example.com NAME=acl EXPR=Custom NOT=yes VALUE=req.ssl_sni -m end -i .ssh.example.com
Hopefully that makes sense… If I could import my own config it'd likely be no problem, as his config is published here (https://gist.github.com/jpawlowski/3f91ef9d0bba49eb0c58) and seems to make logical sense to me.
Should I be expecting this type of behavior?
Thanks,
Ryan