• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAPROXY ACL match host and path

Scheduled Pinned Locked Moved HA/CARP/VIPs
haproxyacl
5 Posts 2 Posters 5.5k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • C
    chris-net
    last edited by Oct 22, 2020, 9:36 PM

    i'm trying to create an HAProxy ACL that matches BOTH the domain and most of the path. I'm doing this so i can ensure lets encrypt token checks go to the correct hosts only on the expected path where the token is.

    i've created 2 ACl's with the same name. 1st acl has the expression "Host starts with" value = sub.domain.com and the 2nd ACL has the expression "Path starts with" value = "/.well-known/acme-challenge/"

    the following works when i expect it not to.

    ip/.well-known/acme-challenge/

    sub.domain.com/anything

    its like the ACL's are doing an OR instead of an AND.

    any advice on how i can craft an acl to match both domain & path so i can create additional ACL's to forward to different backends.

    Thanks in advance.

    1 Reply Last reply Reply Quote 0
    • K
      kiokoman LAYER 8
      last edited by Oct 22, 2020, 9:53 PM

      acl's with the same name will be 'combined' using OR criteria.

      Immagine.jpg

      ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
      Please do not use chat/PM to ask for help
      we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
      Don't forget to Upvote with the 👍 button for any post you find to be helpful.

      1 Reply Last reply Reply Quote 1
      • C
        chris-net
        last edited by Oct 22, 2020, 10:00 PM

        @kiokoman thanks for that.

        any advice on how i can craft an acl to match both domain & path so i can create additional ACL's to forward to different backends.

        Thanks.

        1 Reply Last reply Reply Quote 0
        • K
          kiokoman LAYER 8
          last edited by kiokoman Oct 22, 2020, 10:10 PM Oct 22, 2020, 10:09 PM

          i think like this, it need to be tested, I have a very simple configuration, try it if you can and let me know
          I put some random stuff on this to let you understand
          Immagine.jpg

          ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
          Please do not use chat/PM to ask for help
          we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
          Don't forget to Upvote with the 👍 button for any post you find to be helpful.

          1 Reply Last reply Reply Quote 1
          • C
            chris-net
            last edited by Oct 22, 2020, 10:15 PM

            that looks like solution.

            Thank you for the quick response

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received