Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / ae8b7967220ace6c9580787d879c51e163cc9a44^! / . / doc / haproxy-en.txt
commitae8b7967220ace6c9580787d879c51e163cc9a44[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Sat Jun 09 23:10:04 2007 +0200
committerWilly Tarreau <w@1wt.eu>Sat Jun 09 23:10:04 2007 +0200
tree342a92ef0f3426e723da9d48861941129f68f2c3
parenta3503e0b5a984164ae71b007871a9d7d5c6825b0 [diff] [blame]
[MEDIUM] smarter integer comparison support in ACLs

ACLs now support operators such as 'eq', 'le', 'lt', 'ge' and 'gt'
in order to give more flexibility to the language. Because of this
change, the 'dst_limit' keyword changed to 'dst_conn' and now requires
either a range or a test such as 'dst_conn lt 1000' which is more
understandable.

diff --git a/doc/haproxy-en.txt b/doc/haproxy-en.txt
index 73372e3..2a278b0 100644
--- a/doc/haproxy-en.txt
+++ b/doc/haproxy-en.txt

@@ -2550,20 +2550,20 @@
 possible for an acl to be specified multiple times, even with various tests, in
 which case the first one which returns true validates the ACL.
 
-As of 1.3.10, only the following tests have been implemented :
+As of 1.3.12, only the following tests have been implemented :
 
    Layer 3/4 :
      src       <ipv4_address>[/mask] ... : match IPv4 source address
      dst       <ipv4_address>[/mask] ... : match IPv4 destination address
-     src_port  <low>[:<high>] ...        : match source port range
-     dst_port  <low>[:<high>] ...        : match destination port range
-     dst_limit <max>        : true if frontend has less than <max> connections
+     src_port  <range> ...               : match source port range
+     dst_port  <range> ...               : match destination port range
+     dst_conn  <range> ...               : match #connections on frontend
 
    Layer 7 :
      method    <HTTP method> ...  : match HTTP method
      req_ver   <1.0|1.1> ...      : match HTTP request version
      resp_ver  <1.0|1.1> ...      : match HTTP response version
-     status    <low>[:<high>] ... : match HTTP response status code in range
+     status    <range> ...        : match HTTP response status code in range
      url       <string> ... : exact string match on URI
      url_reg   <regex>  ... : regex string match on URI
      url_beg   <string> ... : true if URI begins with <string>
@@ -2572,6 +2572,26 @@
      url_dir   <string> ... : true if URI contains <string> between slashes
      url_dom   <string> ... : true if URI contains <string> between slashes or dots
 
+A 'range' is one or two integers which may be prefixed by an operator.
+The syntax is :
+
+  [<op>] <low>[:<high>]
+
+Where <op> can be :
+  'eq' : the tested value must be equal to <low> or within <low>..<high>
+  'le' : the tested value must be lower than or equal to <low>
+  'lt' : the tested value must be lower than <low>
+  'ge' : the tested value must be greater than or equal to <low>
+  'gt' : the tested value must be greater than <low>
+
+When no operator is defined, 'eq' is assumed. Note that when the operator is
+specified, it applies to all subsequent ranges of values until the end of the
+line is reached or another operator is specified. Example :
+
+  acl status_error  status   400:599
+  acl saturated_frt dst_conn ge 1000
+  acl invalid_ports src_port lt 512 ge 65535
+
 Other ones are coming (headers, cookies, time, auth), it's just a matter of
 time. It is also planned to be able to read the patterns from a file, as well
 as to ignore the case for some of them.