In HAProxy configs, I need to be able to look up the client IP of a request in a map of IP CIDRs and then set an ACL if the client IP exists in the map.
We can assume that I have a map <path_to_map/ipcidrs.map> which is populated like this:
1.12.123.12/24 1.12.123.12/24
We can also assume that I have a txn variable that gives us the IP: txn.ip
I've tried this:
acl is_IP_in_map var(txn.ip),map_ip(<path_to_map>/ipcidrs.map)
I noticed that the ACL was not being set.
Is there something that I am missing here? Can anyone suggest alternatives?
Things to consider:
- I'm aware that I can use a list, but I think I need to use a map because the map is being dynamically updated via the runtime client (updateMap). I'm assuming that list updates are more expensive than map updates. Hence the choice for maps.
- The ipcidrs.map contains CIDRs. Hence the need for map_ip. Simple string matching could have worked were the map filled with IPs.
- Yes, the value in the map is redundant, but this is based on point 1, where I need to key off the client IP based on the CIDR value.
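
An offline model of the lookup described above, added here as an example (it is not part of the original post and is not HAProxy code). It parses the same "key value" map format and reports whether an IP falls inside any CIDR key, which helps confirm that the map contents themselves cover the address before debugging the ACL line. Assumptions: the function names and the extra sample entries are constructed, keys with host bits set (like `1.12.123.12/24`) are masked to their network, and the most specific matching CIDR wins.

```python
import ipaddress

# Constructed sample map text; the first entry is the one shown in the post.
SAMPLE_MAP = """\
# lines starting with '#' and blank lines are skipped
1.12.123.12/24 1.12.123.12/24
10.0.0.0/8 internal
10.20.0.0/16 internal-dc2
"""

def parse_map(text):
    """Return a list of (network, value) pairs from map-file text."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # strict=False masks host bits: 1.12.123.12/24 -> 1.12.123.0/24
        # (assumption: the proxy normalises such keys the same way).
        entries.append((ipaddress.ip_network(parts[0], strict=False), value))
    return entries

def lookup(entries, ip, default=None):
    """Longest-prefix match of ip against the parsed CIDR keys."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, value in entries:
        if addr.version == net.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, value)
    return best[1] if best else default

def in_map(entries, ip):
    """Boolean form: the condition the ACL in the post is meant to express."""
    return lookup(entries, ip) is not None

if __name__ == "__main__":
    entries = parse_map(SAMPLE_MAP)
    for ip in ("1.12.123.200", "10.20.5.5", "8.8.8.8"):
        print(ip, in_map(entries, ip), lookup(entries, ip))
```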