diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index c0396f6dc..0af36b5e2 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -27,7 +27,8 @@ Added:
* add support for GPC/GPT/SC to conditions and rules (#1123, #5109)
* add support for SSL SNI expression to servers (#3756)
* add column "mode" to servers overview (#4632)
-* add support for loading mapfiles in conditions
+* add support for loading mapfiles in conditions and rules
+* add support for sample fetches in rules
Fixed:
* Maintenance tab "SSL Certificates" not working with only one cert
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index 39716d8ad..192978937 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -266,6 +266,27 @@
text
+
+
+ header
+
+
+
+ acl.var_comparison
+
+ dropdown
+
+
+ acl.var
+
+ text
+
+
+
+ acl.var_value
+
+ text
+
header
@@ -1788,4 +1809,10 @@
dropdown
+
+ acl.converter
+
+ text
+
+
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
index 0222a2f4b..64c4230b3 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAction.xml
@@ -325,4 +325,22 @@
text
+
+ action.mapfile
+
+ dropdown
+
+
+
+ action.map_default
+
+ text
+
+
+
+ action.sample_fetch
+
+ text
+ http-request set-var(req.rate_limit) path,map_beg(/path/to/mapfile,20)http-request set-var(req.request_rate) base32+src,table_http_req_rate()]]>
+
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index a99d6d469..17d19969a 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -1951,6 +1951,7 @@
ssl_sni_sub – SNI TLS extension contains (TCP request content inspection)
stopping – HAProxy process is currently stopping
url_param – URL parameter contains
+ var – Compare the value of a variable
wait_end – Inspection period is over
Custom condition (option pass-through)
@@ -2076,6 +2077,25 @@
/^.{1,4096}$/u
N
+
+ /^.{1,4096}$/u
+ N
+
+
+ /^.{1,4096}$/u
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
0
500000
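Review bot: The free-text fields added in this hunk are validated only with `/^.{1,4096}$/u`, which accepts spaces, `#`, commas, quotes and parentheses, and the haproxy.conf template change in this same commit concatenates these values into ACL and rule lines without escaping. The same mask is reused for the fields added at @@ -3467 and @@ -4142. The model looks like the only validation step before the value is written to the config, so a narrower mask per field would stop a value from adding extra tokens to the generated line. For the variable name, for example, `/^[a-zA-Z0-9_.]{1,255}$/` covers HAProxy's variable-name alphabet, assuming the field holds the bare name. The element names are not visible in this rendering, so the field-to-mask mapping is inferred from the form changes.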
@@ -3467,6 +3487,10 @@
Related mapfile item not found
N
+
+ /^.{1,4096}$/u
+ N
+
@@ -4142,6 +4166,25 @@
Please specify a value between 0 and 99.
N
+
+
+
+ OPNsense.HAProxy.HAProxy
+ mapfiles.mapfile
+ name
+
+
+ Related mapfile item not found
+ N
+
+
+ /^.{1,4096}$/u
+ N
+
+
+ /^.{1,4096}$/u
+ N
+
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 7e9c221cf..bf0ad72d8 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -1381,6 +1381,18 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
+{% elif acl_data.expression == 'var' %}
+{% if acl_data.var|default("") != "" and acl_data.var_value|default("") != "" %}
+{% if acl_data.converter|default("") != "" %}
+{% set converter_data = ',' ~ acl_data.converter %}
+{% else %}
+{% set converter_data = '' %}
+{% endif %}
+{% do acl_options.append('var' ~ acl_data.var ~ converter_data ~ ' ' ~ acl_data.var_comparison ~ ' ' ~ acl_data.var_value) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
{# # handle boolean ACL types that do not require any input #}
{% elif acl_data.expression in acl_boolean_types %}
{% do acl_options.append(acl_data.expression) %}
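Review bot: The new `var` branch builds the fetch as `'var' ~ acl_data.var`, with no parentheses around the variable name, so unless the GUI field is meant to contain them the rendered ACL reads `vartxn.foo gt 5` instead of HAProxy's `var(txn.foo)` form. If the field holds the bare name, the append should be `{% do acl_options.append('var(' ~ acl_data.var ~ ')' ~ converter_data ~ ' ' ~ acl_data.var_comparison ~ ' ' ~ acl_data.var_value) %}`. It may also be worth confirming that HAProxy accepts `gt`/`lt` on `var()` without an explicit `-m int`, since the stored type is not fixed. `acl_data.var`, `acl_data.converter` and `acl_data.var_value` are written into the config verbatim, so their model masks are the only check on what reaches this line. The enclosing `if`/`elif` chain starts and ends outside the hunk.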
@@ -1637,6 +1649,22 @@
{% set action_enabled = '0' %}
{% do global_action_options.append('# ERROR: unsupported rule type ' ~ action_data.type) %}
{% endif %}
+{# # Add sample fetch to map file config. #}
+{% if action_data.mapfile|default("") != "" %}
+{% set mapfile_data = helpers.getUUID(action_data.mapfile) %}
+{% set mapfile_path = '/tmp/haproxy/mapfiles/' ~ mapfile_data.id ~ '.txt' %}
+{% set mapfile_config = 'map_' ~ mapfile_data.type %}
+{% if action_data.map_default|default("") != "" %}
+{% set mapfile_default = ',' ~ action_data.map_default %}
+{% endif %}
+{% if action_data.sample_fetch|default("") != "" %}
+{% set mapfile_sf = action_data.sample_fetch ~ ',' %}
+{% endif %}
+{% do action_options.append(mapfile_sf ~ mapfile_config ~ '(' ~ mapfile_path ~ mapfile_default ~ ')') %}
+{# # Add/append sample fetch. #}
+{% elif action_data.sample_fetch|default("") != "" %}
+{% do action_options.append(action_data.sample_fetch) %}
+{% endif %}
{# # Is this rule enabled in the GUI? #}
{% if action_data.enabled|default('') == '1' %}
{# # check if action is valid #}
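Review bot: `mapfile_default` and `mapfile_sf` are assigned only inside their `{% if %}` blocks but are always used in the `action_options.append(...)` line. When `map_default` or `sample_fetch` is empty, the result therefore depends on how the template engine treats undefined names, or on a stale value if the name was set earlier in the same scope. Initialising both before the conditionals makes this explicit: `{% set mapfile_default = '' %}` and `{% set mapfile_sf = '' %}`. The result of `helpers.getUUID(action_data.mapfile)` is also used without a check, so a dangling reference would presumably render a path like `/tmp/haproxy/mapfiles/.txt`; a guard such as `{% if mapfile_data %}` with an `# ERROR:` comment, as the neighbouring branches emit, would keep that out of the generated config. The surrounding loop and the `enabled` check continue outside the hunk.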