• i'm trying to create an HAProxy ACL that matches BOTH the domain and most of the path. I'm doing this so i can ensure lets encrypt token checks go to the correct hosts only on the expected path where the token is.

    i've created 2 ACl's with the same name. 1st acl has the expression "Host starts with" value = sub.domain.com and the 2nd ACL has the expression "Path starts with" value = "/.well-known/acme-challenge/"

    the following works when i expect it not to.

    ip/.well-known/acme-challenge/

    sub.domain.com/anything

    its like the ACL's are doing an OR instead of an AND.

    any advice on how i can craft an acl to match both domain & path so i can create additional ACL's to forward to different backends.

    Thanks in advance.

  • LAYER 8

    acl's with the same name will be 'combined' using OR criteria.

    Immagine.jpg


  • @kiokoman thanks for that.

    any advice on how i can craft an acl to match both domain & path so i can create additional ACL's to forward to different backends.

    Thanks.

  • LAYER 8

    i think like this, it need to be tested, I have a very simple configuration, try it if you can and let me know
    I put some random stuff on this to let you understand
    Immagine.jpg


  • that looks like solution.

    Thank you for the quick response