How do I load an ACL value (src) from a map (req.hdr)?
I’m trying to allow/deny traffic from specific IP networks to specific domains, without repeating ACL rules in the HAProxy config, and creating per-domain map files.
This is what I came up with:
acl ip_network_allowed src %[req.hdr(host),lower,map(/etc/haproxy/domain_ip.map)]
tcp-request connection reject if { req.hdr(host),lower,map(/etc/haproxy/domain_ip.map) -m found } ip_network_allowed
… where /etc/haproxy/domain_ip.map has the format req.hdr + space-separated IP networks:
example.com ::1
However, HAProxy apparently does not expect the %[] syntax there:
error detected while parsing ACL 'ip_network_allowed' : '%[req.hdr(host),lower,map(/etc/haproxy/domain_ip.map)]' is not a valid IPv4 or IPv6 address.
I’m unable to find in which context this syntax is supported.