Inspect ACL value

Is it possible to inspect directly the value of ACL clause during runtime? For example having

acl srv1 path_dir /site1
acl srv2 path_dir /site2

I can only conclude from HAProxy log what is the result of ACLs.

What do you mean by “inspecting directly”? I.e. give some examples on how you would use such a feature.

You could for example set some headers based on selected ACLs, thus you could see if they are set or not in the request / response. Also you can use set-var(txn.something) based on ACLs.

1 Like

I mean by “inspecting directly” to write the value to the log file or on the console in -d mode.

To my knowledge there isn’t any such option.

However you could use a combination of request headers and capture statements to see if an ACL is set for a particular HTTP request.

I will try. Thanks.

Any ideas? I also want the same thing.

Write whatever you want into a txn variable, based on the ACL:

    acl srv1 path_beg /site1
    http-request set-var(txn.srv1acl) str(acl-srv1-site1-match) if srv1
    http-request set-var(txn.srv1acl) str(acl-srv1-site1-nomatch) if ! srv1

Then configure logging referring to that variable:

    log-format "%{+Q}[var(txn.srv1acl)]"

I was successful using headers and captures, but your approach is way more elegant. Thanks!