Netgate Discussion Forum

    HAPROXY ACL match host and path

      chris-net

      I'm trying to create an HAProxy ACL that matches BOTH the domain and most of the path. I'm doing this so I can ensure Let's Encrypt token checks go to the correct hosts only on the expected path where the token is.

      I've created 2 ACLs with the same name. The 1st ACL has the expression "Host starts with" value = sub.domain.com and the 2nd ACL has the expression "Path starts with" value = "/.well-known/acme-challenge/"

      The following works when I expect it not to.

      ip/.well-known/acme-challenge/

      sub.domain.com/anything

      It's like the ACLs are doing an OR instead of an AND.

      Any advice on how I can craft an ACL to match both domain & path so I can create additional ACLs to forward to different backends?

      Thanks in advance.

        kiokoman

        ACLs with the same name will be 'combined' using OR criteria.

        Immagine.jpg

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          chris-net

          @kiokoman Thanks for that.

          Any advice on how I can craft an ACL to match both domain & path so I can create additional ACLs to forward to different backends?

          Thanks.

            kiokoman

            I think like this; it needs to be tested. I have a very simple configuration, try it if you can and let me know.
            I put some random stuff in this to let you understand.
            Immagine.jpg

              chris-net

              That looks like the solution.

              Thank you for the quick response.

              1 Reply Last reply Reply Quote 0
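
The same-name behaviour discussed in this thread, written out as raw `haproxy.cfg` directives. This is an added example, not taken from the posts or from the configuration the pfSense package generates: the frontend, backend and ACL names, `other.domain.com` and the server addresses are assumptions, while `sub.domain.com` and the challenge path are the values from the first post.

```haproxy
# Constructed haproxy.cfg fragment; frontend, backend and ACL names are hypothetical.

# Behaviour reported in the thread: two acl lines sharing one name are ORed,
# so either test on its own satisfies "acme".
frontend fe_http_or
    bind :80
    mode http
    acl acme hdr_beg(host) -i sub.domain.com
    acl acme path_beg /.well-known/acme-challenge/
    # Matches  <ip>/.well-known/acme-challenge/   (path test alone)
    # Matches  sub.domain.com/anything            (host test alone)
    use_backend be_acme_sub if acme
    default_backend be_default

# AND form: give each test its own name and list both in the condition.
# ACL names separated by a space in an "if" condition are ANDed.
frontend fe_http_and
    bind :8080
    mode http
    acl host_sub   hdr_beg(host) -i sub.domain.com
    acl path_acme  path_beg /.well-known/acme-challenge/
    use_backend be_acme_sub if host_sub path_acme
    # A second host reuses path_acme with its own host ACL and backend.
    acl host_other hdr_beg(host) -i other.domain.com
    use_backend be_acme_other if host_other path_acme
    # Anything that fails either test falls through to the default.
    default_backend be_default

backend be_acme_sub
    mode http
    server acme_sub 192.0.2.10:80

backend be_acme_other
    mode http
    server acme_other 192.0.2.11:80

backend be_default
    mode http
    server web 192.0.2.20:80
```

Because `hdr_beg(host)` is a prefix match, a Host value such as `sub.domain.com.example.net` also satisfies `host_sub`; `hdr(host) -i sub.domain.com` compares the whole header value instead, provided clients do not append a port.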