Netgate Discussion Forum

    ACLs' precedence

    • senseivita

      Which way do directives take precedence when they conflict in different sections, e.g.:

      • If there's a http-response set-header Cache-Control must-revalidate rule on a front end.
      • For 1-2 backends this is not desired, instead http-response set-header Cache-Control "public, max-age" or some other header would fit best, so,
      • It's added on the backend.

      This wouldn't work would it? What layer has higher precedence using http-response directives? I'm trying to picture it so I can understand it better but every time I start reading I quickly get sidetracked into the http-request directive and others completely unrelated, I forget what I was doing and I don't even notice until hours later when I close enough tabs to land on the HAProxy unfinished config again. 🤕

      I'm avoiding creating another frontend but it seems that I'll have no option.

      Missing something? Word endings, maybe? I included a free puzzle in this msg if you solv--okay, I'm lying. It's dyslexia, makes me do that, sorry! Just finish the word; they're rarely misspelled, just incomplete. Yeah-yeah-I know. Same thing.

      • dragoangel

        What you are talking about aren't ACLs, they are actions. If you want a specific action on a condition, simply use it with an ACL. E.g.: acl example.com host=example.com is the ACL, and the action is set-header foo=bar if example.com

        Latest stable pfSense on 2x XG-7100 and 1x Intel Xeon Server, running multiWAN, he.net IPv6, pfBlockerNG-devel, HAProxy-devel, Syslog-ng, Zabbix-agent, OpenVPN, IPsec site-to-site, DNS-over-TLS...
        Unifi AP-AC-LR with EAP RADIUS, US-24

        • senseivita

          Oh yeah, I just got that, my bad.

          But wait a minute though, are you saying I can apply more than one action per ACL in the same frontend?! The way I was doing it was as a whole in the advanced options because I thought the actions were only 1 per ACL and since the advanced section applies to all, 1+1…

          I'm going to be anxious waiting for email now bc I'll lose my **** as it will remove one level of loops from my setup if it's true. 😃

          • dragoangel @senseivita

            @skilledinept you can create an ACL on a frontend/backend and use this ACL in any Action inside the same frontend/backend. You can create an ACL on a shared frontend and use it in a child frontend. You can use an Action which will run when multiple ACLs must be satisfied or when one of the ACLs is. Please read how HAProxy works ;)

            P.S. You can also create an Action with IF {No need to create ACL, I describe my IF HERE}

            • dragoangel @senseivita

              @skilledinept here is a good article: https://cbonte.github.io/haproxy-dconv/

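An added configuration example for the question this thread discusses; it is not from either poster's setup. HAProxy applies a backend's http-response rules first and the frontend's rules after them, so an unconditional frontend set-header replaces the value the backend just set; the frontend rule is therefore gated on an ACL. The section names, addresses, paths and the max-age value are assumptions made for the illustration.

```haproxy
# Constructed example: fe_main, be_app, be_static, the 192.0.2.x addresses,
# the /static/ path and max-age=3600 are all assumptions.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :80

    # Named ACLs. An ACL only describes a condition; it does nothing
    # until an action refers to it.
    acl is_static   path_beg /static/
    acl from_static be_name -m str be_static

    # Response rules run backend first, then frontend. Without the
    # "unless", this rule would overwrite the Cache-Control value set
    # in be_static below.
    http-response set-header Cache-Control must-revalidate unless from_static

    # The same ACL can gate any number of further actions.
    http-response set-header X-Content-Type-Options nosniff if from_static

    # Anonymous (inline) ACL: the condition is written in braces,
    # no separate "acl" line is needed.
    http-response del-header Server if { res.hdr(Server) -m found }

    use_backend be_static if is_static
    default_backend be_app

backend be_app
    # No Cache-Control rule here: the frontend default applies.
    server app1 192.0.2.10:8080

backend be_static
    # Evaluated before the frontend's http-response rules.
    http-response set-header Cache-Control "public, max-age=3600"
    server static1 192.0.2.20:8080
```

The file can be syntax-checked with `haproxy -c -f <file>` before it is loaded.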