On 16.11.2015 15:25, Dennis Jacobfeuerborn wrote:
> Hi,
> I'm trying to figure out the best way to match a source IP against an IP
> mapping file and make decisions based on that. What I'm now doing is this:
>
> acl acl_is_xx src,map_ip(<map-file-1>) -m str xx
> acl acl_is_yy src,map_ip(<map-file-1>) -m str yy
>
> http-request set-header X-Test wasxx if acl_is_xx ...
> http-request set-header X-Test wasyy if acl_is_yy ...
>
> While this works my problem is that this requires two map look-ups. What
> I would really like to do is this (pseudo code):
>
> acl acl_value src,map_ip(<map-file-1>) -m copy
> http-request set-header X-Test wasxx if acl_value==xx
> http-request set-header X-Test wasyy if acl_value==yy
>
> That way you only would have to do one look-up in the map and then
> determine the different cases based on simple string matches.
>
> As far as I can tell though ACLs only allow for matching and not for a
> straight forward copy like I tried to express with the "-m copy" above.
>
> Is there an alternative way to express something like this?

Does nobody have any idea how to accomplish this?
This is happening in a GeoIP context and I'm now planning to make distinct lookups for four different countries, which seems pretty wasteful.

Regards,
Dennis
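
One way to get the single look-up asked about above, as an added example that is not part of the original thread: store the map result in a variable once and string-match the variable in the ACLs. It assumes HAProxy 1.6 or later (`set-var` and the `var()` fetch); `txn.geo` is a hypothetical variable name and `<map-file-1>` is the placeholder used in the message.

```haproxy
# Added example, not from the original thread. Assumes HAProxy 1.6+.
# txn.geo is a hypothetical variable name; <map-file-1> is the thread's placeholder.

# One map look-up per request; the result is kept in a transaction-scoped variable.
http-request set-var(txn.geo) src,map_ip(<map-file-1>)

# The ACLs string-match the stored value instead of repeating the look-up.
acl acl_is_xx var(txn.geo) -m str xx
acl acl_is_yy var(txn.geo) -m str yy

# These rules must come after the set-var rule, since http-request rules run in order.
http-request set-header X-Test wasxx if acl_is_xx
http-request set-header X-Test wasyy if acl_is_yy
```

If the source address has no entry in the map and `map_ip` is given no default value, the variable is left unset and neither ACL matches.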

