Here is my relevant configuration to authenticate/authorize service requests -
global
…
userlist myusers
group u_svc1 users a,b
group u_svc2 users c
user a password hashedpwda
user b password hashedpwdb
user c password hashedpwdclisten http-in
mode http
acl svc1flag hdr_sub(service) “svc1”
acl svc1auth http_auth_group(myusers) u_svc1 if svc1flag
use_backend …acl svc2flag hdr_sub(service) “svc2”
acl svc2auth http_auth_group(myusers) u_svc2 if svc2flag
use_backend …
…
when i start, i get following errors -
invalid group if
invalid group svc1flag
invalid group if
invalid group svc2flag
…
If i remove (if svc1flag/if svc2flag/…) from http_auth_group lines like below, everything works fine -
acl svc1auth http_auth_group(myusers) u_svc1
acl svc2auth http_auth_group(myusers) u_svc2
But i want to keep (if svc1flag) this condition otherwise i will be running http_auth_group() acl for every service configuration until i find the matching service.
Any way to address it?
Thanks