git.ipfire.org Git - thirdparty/haproxy.git/commit

author	Christopher Faulet <cfaulet@haproxy.com>
	Mon, 4 Sep 2017 13:41:09 +0000 (15:41 +0200)
committer	Willy Tarreau <w@1wt.eu>
	Tue, 31 Oct 2017 10:36:12 +0000 (11:36 +0100)
commit	57583e474e3ee73d960403f2515437b6349ab7f1
tree	08aaeeb8b402a5dc2f5f95edf99230d652da429f	tree
parent	1b421eab872384a56976059a8642f8a94aba367f	commit \| diff

MEDIUM: spoe: Add support of ACLS to enable or disable sending of SPOE messages

Now, it is possible to conditionnaly send a SPOE message by adding an ACL-based
condition on the "event" line, in a "spoe-message" section. Here is the example
coming for the SPOE documentation:

    spoe-message get-ip-reputation
        args ip=src
        event on-client-session if ! { src -f /etc/haproxy/whitelist.lst }

To avoid mixin with proxy's ACLs, each SPOE message has its private ACL list. It
possible to declare named ACLs in "spoe-message" section, using the same syntax
than for proxies. So we can rewrite the previous example to use a named ACL:

    spoe-message get-ip-reputation
        args ip=src
acl ip-whitelisted src -f /etc/haproxy/whitelist.lst
        event on-client-session if ! ip-whitelisted

ACL-based conditions are executed in the context of the stream that handle the
client and the server connections.

doc/SPOE.txt		diff \| blob \| blame \| history
include/types/spoe.h		diff \| blob \| blame \| history
src/flt_spoe.c		diff \| blob \| blame \| history