HAProxy community

Simplified ACL for SNI matching

Hi There,

We are doing SNI based routing for multiple domains through our HAProxy LBs. but i need to add few more domains in the same HAproxy clusters.

But the domains are as mentioned below.
example.haproxy.com
example1.haproxy.com
example2.haproxy.com
example3.haproxy.com
example4.haproxy.com
.
.
example10.haproxy.com

Is there any easy way to group these domains in a single line acl?

Is it possible to configure like this?

tcp-request content accept if { req_ssl_hello_type 1 }
acl application_5 req_ssl_sni -i example(1-10).haproxy.com

Please help.

It’s a normal ACL. You can match it against a file with a list of expressions, you can use regular expressions, etc.

Please read:

https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7