Re: Multipart ACLs

From: Willy Tarreau <>
Date: Mon, 21 Dec 2009 07:18:48 +0100

On Sun, Dec 20, 2009 at 11:26:43PM -0500, Ben Koski wrote:
> I'm a little confused about multipart ACLs. Are conditions ORed or ANDed
> together as they're added on?
> For example, what should happen when I set up the following?
> acl my_cond hdr_dom(host)
> acl my_cond path_beg /special-case
> use_backend www2 if my_cond
> default_backend www1
> Should my request be routed to www2 if it is to AND /special-case,
> or if it matches either -or- /special-case ?

It's an OR. The purpose is not to be used like that, but rather to have an ACL which indicates a match that can come from multiple places. Here are a few examples:

    acl static hdr_beg(host) static.
    acl static hdr_beg(host) images.
    acl static hdr_beg(host) video.

    acl localhost src
    acl localhost hdr(host) -i localhost
    acl localhost hdr_ip(host)

    acl forbidden_req hdr_cnt(content-length) gt 1
    acl forbidden_req hdr_cnt(host) ne 1
    acl forbidden_req hdr_cnt(max-forwards) ne 1
    acl forbidden_req url_reg ^[^:/]*://

You see? It's really for having one single variable be true in such circumstances. This becomes more obvious when using real ACL names which indicate the purpose of the ACL.
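
An added example, not part of the original message: the OR behaviour described above, next to one way to get the AND the question was after. It goes one step beyond the reply by relying on HAProxy's rule that ACLs listed side by side in a condition are ANDed. The hostname `example.com`, the ACL names `special_host` and `special_path`, and the server addresses are placeholders chosen for this example.

```haproxy
# Added example. Hostname, ACL names and server addresses are placeholders.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_main
    bind :80

    # OR: both lines share one name, so my_cond is true when EITHER test
    # matches (right host, or right path on any host).
    acl my_cond hdr_dom(host) -i example.com
    acl my_cond path_beg /special-case

    # AND: give each test its own name and list both names in the condition.
    # ACL names placed side by side after "if" are ANDed implicitly.
    acl special_host hdr_dom(host) -i example.com
    acl special_path path_beg /special-case
    use_backend www2 if special_host special_path

    # An explicit OR across differently named ACLs is written with "||":
    #   use_backend www2 if special_host || special_path
    # which routes the same way as "use_backend www2 if my_cond".

    default_backend www1

backend www1
    server s1 192.0.2.10:80

backend www2
    server s2 192.0.2.20:80
```

With rules that reject traffic, such as `forbidden_req` above, the distinction matters: stacking tests under one name widens what is matched, it never narrows it.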

