Basically use the X backend, if the host matches xxx.com and ip is whitelisted in a pfsense defined ip alias list.

The problem is I am using the Cloudflare proxy and need to inspect the CF-Connecting-IP.

And to do that I am using Custom ACL like this

req.hdr(CF-Connecting-IP) -f /var/etc/haproxy/ipalias_Allowed_IPs.lst

The Alias is defined in the firewall named Allowed_IPs.

But this list does not get created unless I use something standard like "Source IP matches IP or IP Alias". Is there another way to refer to the created Aliases so that they are created properly?

The workaround for this is to create a dummy acl with "Source IP matches IP or IP Alias" that does nothing but it is not a good solution.

Edit: One more thing, I noticed is, when the alias list is updated, this does not get reflected to the HAProxy lists in /var/etc/haproxy/ until HAProxy is restarted.