Hi,
I use these ACLs to allow requests from certain countries to certain hosts. In my case, domain owners can choose the countries for accessing their sites themselves.
acl acl_NA src -f NA.txt
acl acl_OC src -f OC.txt
acl acl_AS src -f AS.txt
acl acl_SK src -f SK.txt
acl ACL_example.com hdr(host) -i example.com
acl ACL_example.com1 hdr(host) -i example1.com
acl ACL_example.com2 hdr(host) -i example2.com
http-request allow if ACL_example.com acl_OC || ACL_example.com acl_AS
http-request deny if ACL_example.com
http-request allow if ACL_example1.com acl_SK
http-request deny if ACL_example1.com
http-request allow if ACL_example2.com acl_SK || ACL_example2.com acl_OC || ACL_example2.com acl_AS
http-request deny if ACL_example2.com
It works but creates a lot of rules in the haproxy config file. It is not handy.
Is it possible to replace all these rules with something like map-files (and map-acl rules)? I can generate map files of any format, for example
example.com OC
example.com AS
example1.com SK
example2.com SK
example2.com OC
example2.com AS
or
example.com OC|AS
example1.com SK
example2.com SK|OC|AS
but how can I combine them together, I can’t imagine.
Thank you for any help.