Blocking an IP Address via a map lookup

Hello,

I currently have two backends defined in HAProxy CE 1.8.19-1+deb10u3 and I specify the target backend with the following rule:

use_backend https_%[req.ssl_sni(),lower,map_str(/etc/haproxy/maps/backends.map,default)].

So if the requested domain name exists as an entry in the backends.map file, the request is forwarded to https_, if there is no match, the request is sent to the default backend “default”.

The reason I prefer this way is that I can conveniently control this via the Dataplane API. Now I am trying to implement something similar to block certain IP addresses. So before the specified backend rule is executed by HAProxy, it should first look to see if the client IP is blocked and therefore exists as an entry in the “blocked.map”, which might then look like this:

use_backend %[src,map_ip(/etc/haproxy/maps/blocked)]
use_backend https_%[req.ssl_sni(),lower,map_str(/etc/haproxy/maps/backends.map,default)]

The problem is that HAProxy never checks the second “use_backend” because if there is a match in the first statement, it will match correctly, but if there is not, HAProxy will stop looking and return an error to the client.

Is it possible to use an if statement to check if the client IP appears as an entry in a map file, and then either block the request if there is a match, or continue with the second statement if there is no match?

Thanks and regards
dr-ing
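
One way to express the check asked about above, as an added example that is not part of the original post: test the client address against the map in an ACL and reject on a match, so the SNI routing rule is only reached by clients that are not listed. The frontend name, bind address, `mode tcp`, the ACL name `src_blocked` and the map contents are assumptions.

```haproxy
# Constructed example; names and map contents are assumptions.
# /etc/haproxy/maps/blocked.map holds one "key value" pair per line, e.g.:
#   192.0.2.10       blocked
#   198.51.100.0/24  blocked

frontend fe_tls
    bind :443
    mode tcp

    # Look the client address up in the map. "-m found" is true when an
    # entry matches, whatever value is stored for it, so the map is used
    # as a condition and not as a backend name.
    acl src_blocked src,map_ip(/etc/haproxy/maps/blocked.map) -m found

    # Drop listed clients before any use_backend rule is evaluated.
    tcp-request connection reject if src_blocked

    # Wait for the TLS ClientHello so that req.ssl_sni is available.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }

    # Routing rule from the post, unchanged; only unlisted clients reach it.
    use_backend https_%[req.ssl_sni(),lower,map_str(/etc/haproxy/maps/backends.map,default)]
```

In a `mode http` frontend the same ACL can be used with `http-request deny if src_blocked`.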