Globally accessible ACL


#1

Hi All,

Working on a solution for a maintenance page based upon:

https://gist.github.com/sts/62d8dd59221ab68661aa

This works really well, but I want to have a SINGLE acl apply to multiple listen/frontend blocks. That way, instead of doing a:

echo "add acl #0 0.0.0.0/0" | nc -U <socket>

On every acl instance, I could do it once and have every block see it. Does anyone know if this is possible?

Thanks,
Paul


#2

Nevermind! Managed to get it working with maps:

acl web_maintenance src,map_ip(/etc/haproxy/web_maintenance.txt) -m str 1
acl web_maintenance_ex src,map_ip(/etc/haproxy/web_maintenance_ex.txt) -m str 1

use_backend web_maintenance if web_maintenance !web_maintenance_ex