upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-05-28 04:34:15 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

net/haproxy: add support for GPC/GPT/SC, refs #1123 refs #5109

Browse source
This commit is contained in:
Frank Wall 2026-01-28 14:06:47 +01:00
parent 6e0fd49774
commit c380136258
4 changed files with 1493 additions and 258 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
net/haproxy/pkg-descr
View file

@ -24,6 +24,7 @@ Added:
* add all action keywords for http-request/-response and tcp-request/-response rules
* add "enabled" field to rules
* add support for all stick-table data types
* add support for GPC/GPT/SC to conditions (#1123, #5109)
Changed:
* upgrade to HAProxy 3.2 release series (#5147)
@ -32,6 +33,7 @@ Changed:
* change LUA boolean conversion (see tune.lua.bool-sample-conversion)
* stick-table "size" and "expiration time" are no longer advanced options (now always visible)
* replace stick-table type "ip" with "ipv4" (#5147)
* show the actual HAProxy option name in conditions for clarity
4.6

450
net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
View file

@ -19,7 +19,7 @@
<id>acl.expression</id>
<label>Condition type</label>
<type>dropdown</type>
<hint>Select condition type.</hint>
<help><![CDATA[Choose the condition type. Note that a wide range of sample fetch methods is either available in <a target="_blank" href="http://docs.haproxy.org/3.2/configuration.html#7.3.3">layer 4</a> or <a target="_blank" href="http://docs.haproxy.org/3.2/configuration.html#7.3.6">layer 7</a>. The syntax check will show errors when using an incompatible sample fetch method.]]></help>
</field>
<field>
<id>acl.negate</id>
@ -629,4 +629,452 @@
<type>textbox</type>
<help><![CDATA[Specify a HAProxy condition/ACL that is currently not supported by the GUI.]]></help>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_bytes_in_rate</style>
</field>
<field>
<id>acl.sc_bytes_in_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_bytes_in_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_bytes_out_rate</style>
</field>
<field>
<id>acl.sc_bytes_out_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_bytes_out_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_clr_gpc</style>
</field>
<field>
<id>acl.sc_clr_gpc_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_clr_gpc</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_conn_cnt</style>
</field>
<field>
<id>acl.sc_conn_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_conn_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_conn_cur</style>
</field>
<field>
<id>acl.sc_conn_cur_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_conn_cur</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_conn_rate</style>
</field>
<field>
<id>acl.sc_conn_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_conn_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_get_gpc</style>
</field>
<field>
<id>acl.sc_get_gpc_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_get_gpc</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_get_gpt</style>
</field>
<field>
<id>acl.sc_get_gpt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_get_gpt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_glitch_cnt</style>
</field>
<field>
<id>acl.sc_glitch_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_glitch_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_glitch_rate</style>
</field>
<field>
<id>acl.sc_glitch_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_glitch_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_gpc_rate</style>
</field>
<field>
<id>acl.sc_gpc_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_gpc_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_http_err_cnt</style>
</field>
<field>
<id>acl.sc_http_err_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_http_err_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_http_err_rate</style>
</field>
<field>
<id>acl.sc_http_err_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_http_err_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_http_fail_cnt</style>
</field>
<field>
<id>acl.sc_http_fail_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_http_fail_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_http_fail_rate</style>
</field>
<field>
<id>acl.sc_http_fail_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_http_fail_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_http_req_cnt</style>
</field>
<field>
<id>acl.sc_http_req_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_http_req_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_http_req_rate</style>
</field>
<field>
<id>acl.sc_http_req_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_http_req_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_inc_gpc</style>
</field>
<field>
<id>acl.sc_inc_gpc_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_inc_gpc</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_sess_cnt</style>
</field>
<field>
<id>acl.sc_sess_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_sess_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_sc_sess_rate</style>
</field>
<field>
<id>acl.sc_sess_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.sc_sess_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_get_gpc</style>
</field>
<field>
<id>acl.src_get_gpc_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_get_gpc</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_get_gpt</style>
</field>
<field>
<id>acl.src_get_gpt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_get_gpt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_glitch_cnt</style>
</field>
<field>
<id>acl.src_glitch_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_glitch_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_glitch_rate</style>
</field>
<field>
<id>acl.src_glitch_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_glitch_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_gpc_rate</style>
</field>
<field>
<id>acl.src_gpc_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_gpc_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_fail_cnt</style>
</field>
<field>
<id>acl.src_http_fail_cnt_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_fail_cnt</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_http_fail_rate</style>
</field>
<field>
<id>acl.src_http_fail_rate_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_http_fail_rate</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Parameters</label>
<type>header</type>
<style>expression_table table_src_inc_gpc</style>
</field>
<field>
<id>acl.src_inc_gpc_comparison</id>
<label>Comparison</label>
<type>dropdown</type>
</field>
<field>
<id>acl.src_inc_gpc</id>
<label>Value</label>
<type>text</type>
</field>
<field>
<label>Conditional Parameters</label>
<type>header</type>
</field>
<field>
<id>acl.gpc_number</id>
<label>GPC number</label>
<type>text</type>
<help><![CDATA[Refers to the number of the General Purpose Counter, e.g. 0 or 1 when using gpc0 or gpc1 respectively. This value will be ignored in rules that do not support GPC.]]></help>
</field>
<field>
<id>acl.gpt_number</id>
<label>GPT number</label>
<type>text</type>
<help><![CDATA[Refers to the number of the General Purpose Tag, e.g. 0 or 1 when using gpt0 or gpt1 respectively. This value will be ignored in rules that do not support GPT.]]></help>
</field>
<field>
<id>acl.sc_number</id>
<label>SC number</label>
<type>text</type>
<help><![CDATA[Refers to the number of the Stick Counter, e.g. 0 or 1 when using sc0 or sc1 respectively. This value will be ignored in rules that do not support SC.]]></help>
</field>
<field>
<id>acl.table_name</id>
<label>Table name</label>
<type>text</type>
<help><![CDATA[Specifies the name of a stick-table that will be used for key lookups. This is usually the name of the backend/frontend where the stick-stable is configured. When nothing is specified, the stick-table of the current backend/frontend will be used.]]></help>
</field>
</form>

552
net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
View file

@ -1817,63 +1817,87 @@
<expression type="OptionField">
<Required>Y</Required>
<OptionValues>
<stopping>HAProxy process is currently stopping</stopping>
<http_auth>HTTP Basic Auth: username/password from client matches selected User/Group</http_auth>
<hdr_beg>Host starts with</hdr_beg>
<hdr_end>Host ends with</hdr_end>
<hdr>Host matches</hdr>
<hdr_reg>Host regex</hdr_reg>
<hdr_sub>Host contains</hdr_sub>
<path_beg>Path starts with</path_beg>
<path_end>Path ends with</path_end>
<path>Path matches</path>
<path_reg>Path regex</path_reg>
<path_dir>Path contains subdir</path_dir>
<path_sub>Path contains string</path_sub>
<cust_hdr_beg>HTTP Header starts with</cust_hdr_beg>
<cust_hdr_end>HTTP Header ends with</cust_hdr_end>
<cust_hdr>HTTP Header matches</cust_hdr>
<cust_hdr_reg>HTTP Header regex</cust_hdr_reg>
<cust_hdr_sub>HTTP Header contains</cust_hdr_sub>
<http_method>HTTP Method</http_method>
<wait_end>Inspection period is over (WAIT_END)</wait_end>
<quic_enabled>QUIC transport protocol is enabled</quic_enabled>
<url_param>URL parameter contains</url_param>
<ssl_c_verify>SSL Client certificate is valid</ssl_c_verify>
<ssl_c_verify_code>SSL Client certificate verify error result</ssl_c_verify_code>
<ssl_c_ca_commonname>SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
<ssl_hello_type>SSL Hello Type</ssl_hello_type>
<src>Source IP matches specified IP</src>
<src_is_local>Source IP is local</src_is_local>
<src_port>Source IP: TCP source port</src_port>
<src_bytes_in_rate>Source IP: incoming bytes rate</src_bytes_in_rate>
<src_bytes_out_rate>Source IP: outgoing bytes rate</src_bytes_out_rate>
<src_kbytes_in>Source IP: amount of data received (in kilobytes)</src_kbytes_in>
<src_kbytes_out>Source IP: amount of data sent (in kilobytes)</src_kbytes_out>
<!-- <src_clr_gpc0>Source IP: clear first General Purpose Counter</src_clr_gpc0> -->
<src_conn_cnt>Source IP: cumulative number of connections</src_conn_cnt>
<src_conn_cur>Source IP: concurrent connections</src_conn_cur>
<src_conn_rate>Source IP: connection rate</src_conn_rate>
<!-- <src_get_gpc0>Source IP: get first General Purpose Counter</src_get_gpc0> -->
<!-- <src_get_gpt0>Source IP: get first General Purpose Tag</src_get_gpt0> -->
<!-- <src_gpc0_rate>Source IP: increment rate of the first General Purpose Counter</src_gpc0_rate> -->
<src_http_err_cnt>Source IP: cumulative number of HTTP errors</src_http_err_cnt>
<src_http_err_rate>Source IP: rate of HTTP errors</src_http_err_rate>
<src_http_req_cnt>Source IP: number of HTTP requests</src_http_req_cnt>
<src_http_req_rate>Source IP: rate of HTTP requests</src_http_req_rate>
<!-- <src_inc_gpc0>Source IP: increment the first General Purpose Counter</src_inc_gpc0> -->
<src_sess_cnt>Source IP: cumulative number of sessions</src_sess_cnt>
<src_sess_rate>Source IP: session rate</src_sess_rate>
<nbsrv>Minimum number of usable servers in backend</nbsrv>
<traffic_is_http>Traffic is HTTP</traffic_is_http>
<traffic_is_ssl>Traffic is SSL (TCP request content inspection)</traffic_is_ssl>
<ssl_fc>Traffic is SSL (locally deciphered)</ssl_fc>
<ssl_fc_sni>SNI TLS extension matches (locally deciphered)</ssl_fc_sni>
<ssl_sni>SNI TLS extension matches (TCP request content inspection)</ssl_sni>
<ssl_sni_sub>SNI TLS extension contains (TCP request content inspection)</ssl_sni_sub>
<ssl_sni_beg>SNI TLS extension starts with (TCP request content inspection)</ssl_sni_beg>
<ssl_sni_end>SNI TLS extension ends with (TCP request content inspection)</ssl_sni_end>
<ssl_sni_reg>SNI TLS extension regex (TCP request content inspection)</ssl_sni_reg>
<cust_hdr_beg>hdr_beg specified HTTP Header starts with</cust_hdr_beg>
<cust_hdr_end>hdr_end specified HTTP Header ends with</cust_hdr_end>
<cust_hdr>hdr specified HTTP Header matches</cust_hdr>
<cust_hdr_reg>hdr_reg specified HTTP Header regex</cust_hdr_reg>
<cust_hdr_sub>hdr_sub specified HTTP Header contains</cust_hdr_sub>
<hdr_beg>hdr_beg HTTP Host Header starts with</hdr_beg>
<hdr_end>hdr_end HTTP Host Header ends with</hdr_end>
<hdr>hdr HTTP Host Header matches</hdr>
<hdr_reg>hdr_reg HTTP Host Header regex</hdr_reg>
<hdr_sub>hdr_sub HTTP Host Header contains</hdr_sub>
<http_auth>http_auth HTTP Basic Auth: username/password from client matches selected User/Group</http_auth>
<http_method>http_method HTTP Method</http_method>
<nbsrv>nbsrv Minimum number of usable servers in backend</nbsrv>
<path_beg>path_beg Path starts with</path_beg>
<path_dir>path_dir Path contains subdir</path_dir>
<path_end>path_end Path ends with</path_end>
<path>path Path matches</path>
<path_reg>path_reg Path regex</path_reg>
<path_sub>path_sub Path contains string</path_sub>
<quic_enabled>quic_enabled QUIC transport protocol is enabled</quic_enabled>
<traffic_is_http>req.proto_http Traffic is HTTP</traffic_is_http>
<traffic_is_ssl>req.ssl_ver Traffic is SSL (TCP request content inspection)</traffic_is_ssl>
<sc_bytes_in_rate>sc_bytes_in_rate Sticky counter: incoming bytes rate</sc_bytes_in_rate>
<sc_bytes_out_rate>sc_bytes_out_rate Sticky counter: outgoing bytes rate</sc_bytes_out_rate>
<sc_clr_gpc>sc_clr_gpc Sticky counter: clear General Purpose Counter</sc_clr_gpc>
<sc_conn_cnt>sc_conn_cnt Sticky counter: cumulative number of connections</sc_conn_cnt>
<sc_conn_cur>sc_conn_cur Sticky counter: concurrent connections</sc_conn_cur>
<sc_conn_rate>sc_conn_rate Sticky counter: connection rate</sc_conn_rate>
<sc_get_gpc>sc_get_gpc Sticky counter: get General Purpose Counter value</sc_get_gpc>
<sc_get_gpt>sc_get_gpt Sticky counter: get General Purpose Tag value</sc_get_gpt>
<sc_glitch_cnt>sc_glitch_cnt Sticky counter: cumulative number of glitches</sc_glitch_cnt>
<sc_glitch_rate>sc_glitch_rate Sticky counter: rate of glitches</sc_glitch_rate>
<sc_gpc_rate>sc_gpc_rate Sticky counter: increment rate of General Purpose Counter</sc_gpc_rate>
<sc_http_err_cnt>sc_http_err_cnt Sticky counter: cumulative number of HTTP errors</sc_http_err_cnt>
<sc_http_err_rate>sc_http_err_rate Sticky counter: rate of HTTP errors</sc_http_err_rate>
<sc_http_fail_cnt>sc_http_fail_cnt Sticky counter: cumulative number of HTTP failures</sc_http_fail_cnt>
<sc_http_fail_rate>sc_http_fail_rate Sticky counter: rate of HTTP failures</sc_http_fail_rate>
<sc_http_req_cnt>sc_http_req_cnt Sticky counter: cumulative number of HTTP requests</sc_http_req_cnt>
<sc_http_req_rate>sc_http_req_rate Sticky counter: rate of HTTP requests</sc_http_req_rate>
<sc_inc_gpc>sc_inc_gpc Sticky counter: increment General Purpose Counter</sc_inc_gpc>
<sc_sess_cnt>sc_sess_cnt Sticky counter: cumulative number of sessions</sc_sess_cnt>
<sc_sess_rate>sc_sess_rate Sticky counter: session rate</sc_sess_rate>
<src_bytes_in_rate>src_bytes_in_rate Source IP: incoming bytes rate</src_bytes_in_rate>
<src_bytes_out_rate>src_bytes_out_rate Source IP: outgoing bytes rate</src_bytes_out_rate>
<src_clr_gpc>Source IP: clear General Purpose Counter</src_clr_gpc>
<src_conn_cnt>src_conn_cnt Source IP: cumulative number of connections</src_conn_cnt>
<src_conn_cur>src_conn_cur Source IP: concurrent connections</src_conn_cur>
<src_conn_rate>src_conn_rate Source IP: connection rate</src_conn_rate>
<src_get_gpc>src_get_gpc Source IP: get General Purpose Counter value</src_get_gpc>
<src_get_gpt>src_get_gpt Source IP: get General Purpose Tag value</src_get_gpt>
<src_glitch_cnt>src_glitch_cnt Source IP: cumulative number of glitches</src_glitch_cnt>
<src_glitch_rate>src_glitch_rate Source IP: rate of glitches</src_glitch_rate>
<src_gpc_rate>src_gpc_rate Source IP: increment rate of General Purpose Counter</src_gpc_rate>
<src_http_err_cnt>src_http_err_cnt Source IP: cumulative number of HTTP errors</src_http_err_cnt>
<src_http_err_rate>src_http_err_rate Source IP: rate of HTTP errors</src_http_err_rate>
<src_http_fail_cnt>src_http_fail_cnt Source IP: cumulative number of HTTP failures</src_http_fail_cnt>
<src_http_fail_rate>src_http_fail_rate Source IP: rate of HTTP failures</src_http_fail_rate>
<src_http_req_cnt>src_http_req_cnt Source IP: number of HTTP requests</src_http_req_cnt>
<src_http_req_rate>src_http_req_rate Source IP: rate of HTTP requests</src_http_req_rate>
<src_inc_gpc>src_inc_gpc Source IP: increment General Purpose Counter</src_inc_gpc>
<src_is_local>src_is_local Source IP is local</src_is_local>
<src_kbytes_in>src_kbytes_in Source IP: amount of data received (in kilobytes)</src_kbytes_in>
<src_kbytes_out>src_kbytes_out Source IP: amount of data sent (in kilobytes)</src_kbytes_out>
<src_port>src_port Source IP: TCP source port</src_port>
<src_sess_cnt>src_sess_cnt Source IP: cumulative number of sessions</src_sess_cnt>
<src_sess_rate>src_sess_rate Source IP: session rate</src_sess_rate>
<src>src Source IP matches specified IP</src>
<ssl_c_ca_commonname>ssl_c_ca_commonname SSL Client certificate issued by CA common-name</ssl_c_ca_commonname>
<ssl_c_verify_code>ssl_c_verify_code SSL Client certificate verify error result</ssl_c_verify_code>
<ssl_c_verify>ssl_c_verify SSL Client certificate is valid</ssl_c_verify>
<ssl_fc_sni>ssl_fc_sni SNI TLS extension matches (locally deciphered)</ssl_fc_sni>
<ssl_fc>ssl_fc Traffic is SSL (locally deciphered)</ssl_fc>
<ssl_hello_type>ssl_hello_type SSL Hello Type</ssl_hello_type>
<ssl_sni_beg>ssl_sni_beg SNI TLS extension starts with (TCP request content inspection)</ssl_sni_beg>
<ssl_sni_end>ssl_sni_end SNI TLS extension ends with (TCP request content inspection)</ssl_sni_end>
<ssl_sni_reg>ssl_sni_reg SNI TLS extension regex (TCP request content inspection)</ssl_sni_reg>
<ssl_sni>ssl_sni SNI TLS extension matches (TCP request content inspection)</ssl_sni>
<ssl_sni_sub>ssl_sni_sub SNI TLS extension contains (TCP request content inspection)</ssl_sni_sub>
<stopping>stopping HAProxy process is currently stopping</stopping>
<url_param>url_param URL parameter contains</url_param>
<wait_end>wait_end Inspection period is over</wait_end>
<custom_acl>Custom condition (option pass-through)</custom_acl>
</OptionValues>
</expression>
@ -2320,6 +2344,420 @@
<TRACE>TRACE</TRACE>
</OptionValues>
</http_method>
<sc_bytes_in_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_bytes_in_rate_comparison>
<sc_bytes_in_rate type="IntegerField">
<Required>N</Required>
</sc_bytes_in_rate>
<sc_bytes_out_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_bytes_out_rate_comparison>
<sc_bytes_out_rate type="IntegerField">
<Required>N</Required>
</sc_bytes_out_rate>
<sc_clr_gpc_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_clr_gpc_comparison>
<sc_clr_gpc type="IntegerField">
<Required>N</Required>
</sc_clr_gpc>
<sc_conn_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_conn_cnt_comparison>
<sc_conn_cnt type="IntegerField">
<Required>N</Required>
</sc_conn_cnt>
<sc_conn_cur_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_conn_cur_comparison>
<sc_conn_cur type="IntegerField">
<Required>N</Required>
</sc_conn_cur>
<sc_conn_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_conn_rate_comparison>
<sc_conn_rate type="IntegerField">
<Required>N</Required>
</sc_conn_rate>
<sc_get_gpc_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_get_gpc_comparison>
<sc_get_gpc type="IntegerField">
<Required>N</Required>
</sc_get_gpc>
<sc_get_gpt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_get_gpt_comparison>
<sc_get_gpt type="IntegerField">
<Required>N</Required>
</sc_get_gpt>
<sc_glitch_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_glitch_cnt_comparison>
<sc_glitch_cnt type="IntegerField">
<Required>N</Required>
</sc_glitch_cnt>
<sc_glitch_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_glitch_rate_comparison>
<sc_glitch_rate type="IntegerField">
<Required>N</Required>
</sc_glitch_rate>
<sc_gpc_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_gpc_rate_comparison>
<sc_gpc_rate type="IntegerField">
<Required>N</Required>
</sc_gpc_rate>
<sc_http_err_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_http_err_cnt_comparison>
<sc_http_err_cnt type="IntegerField">
<Required>N</Required>
</sc_http_err_cnt>
<sc_http_err_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_http_err_rate_comparison>
<sc_http_err_rate type="IntegerField">
<Required>N</Required>
</sc_http_err_rate>
<sc_http_fail_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_http_fail_cnt_comparison>
<sc_http_fail_cnt type="IntegerField">
<Required>N</Required>
</sc_http_fail_cnt>
<sc_http_fail_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_http_fail_rate_comparison>
<sc_http_fail_rate type="IntegerField">
<Required>N</Required>
</sc_http_fail_rate>
<sc_http_req_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_http_req_cnt_comparison>
<sc_http_req_cnt type="IntegerField">
<Required>N</Required>
</sc_http_req_cnt>
<sc_http_req_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_http_req_rate_comparison>
<sc_http_req_rate type="IntegerField">
<Required>N</Required>
</sc_http_req_rate>
<sc_inc_gpc_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_inc_gpc_comparison>
<sc_inc_gpc type="IntegerField">
<Required>N</Required>
</sc_inc_gpc>
<sc_sess_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_sess_cnt_comparison>
<sc_sess_cnt type="IntegerField">
<Required>N</Required>
</sc_sess_cnt>
<sc_sess_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</sc_sess_rate_comparison>
<sc_sess_rate type="IntegerField">
<Required>N</Required>
</sc_sess_rate>
<src_get_gpc_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_get_gpc_comparison>
<src_get_gpc type="IntegerField">
<Required>N</Required>
</src_get_gpc>
<src_get_gpt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_get_gpt_comparison>
<src_get_gpt type="IntegerField">
<Required>N</Required>
</src_get_gpt>
<src_glitch_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_glitch_cnt_comparison>
<src_glitch_cnt type="IntegerField">
<Required>N</Required>
</src_glitch_cnt>
<src_glitch_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_glitch_rate_comparison>
<src_glitch_rate type="IntegerField">
<Required>N</Required>
</src_glitch_rate>
<src_gpc_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_gpc_rate_comparison>
<src_gpc_rate type="IntegerField">
<Required>N</Required>
</src_gpc_rate>
<src_http_fail_cnt_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_http_fail_cnt_comparison>
<src_http_fail_cnt type="IntegerField">
<Required>N</Required>
</src_http_fail_cnt>
<src_http_fail_rate_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_http_fail_rate_comparison>
<src_http_fail_rate type="IntegerField">
<Required>N</Required>
</src_http_fail_rate>
<src_inc_gpc_comparison type="OptionField">
<Required>N</Required>
<Default>gt</Default>
<OptionValues>
<gt>greater than</gt>
<ge>greater equal</ge>
<eq>equal</eq>
<lt>less than</lt>
<le>less equal</le>
</OptionValues>
</src_inc_gpc_comparison>
<src_inc_gpc type="IntegerField">
<Required>N</Required>
</src_inc_gpc>
<gpc_number type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>100</MaximumValue>
<ValidationMessage>Please specify a value between 0 and 99.</ValidationMessage>
<Required>N</Required>
</gpc_number>
<gpt_number type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>100</MaximumValue>
<ValidationMessage>Please specify a value between 0 and 99.</ValidationMessage>
<Required>N</Required>
</gpt_number>
<sc_number type="IntegerField">
<MinimumValue>0</MinimumValue>
<MaximumValue>100</MaximumValue>
<ValidationMessage>Please specify a value between 0 and 99.</ValidationMessage>
<Required>N</Required>
</sc_number>
<table_name type="TextField">
<Mask>/^.{1,4096}$/u</Mask>
<Required>N</Required>
</table_name>
</acl>
</acls>
<actions>

747
net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
View file

@ -41,7 +41,8 @@
{# Macro expects a CSV list of Actions and validates them. #}
{%- macro AclsAndActions(linkedData) -%}
{% if linkedData is defined %}
{% set acl_boolean_types = ['quic_enabled', 'stopping', 'wait_end'] %}
{# # a list of simple boolean ACL types #}
{% set acl_boolean_types = ['quic_enabled', 'src_is_local', 'stopping', 'wait_end'] %}
{# # remember all ACLs to avoid duplicate declarations #}
{% set acls_seen = [] %}
{% set global_action_options = [] %}
@ -75,137 +76,13 @@
{% endif %}
{% do acls_seen.append(acl_data.id) %}
{% set acl_options = [] %}
{% if acl_data.expression == 'http_auth' %}
{% if acl_data.allowedUsers|default("") != "" or acl_data.allowedGroups|default("") != "" %}
{% do acl_options.append('http_auth(acl_' ~ acl_data.id ~ ')') %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_beg' %}
{% if acl_data.hdr_beg|default("") != "" %}
{% do acl_options.append('hdr_beg(host)') %}
{% if acl_data.expression == 'cust_hdr' %}
{% if acl_data.cust_hdr|default("") != "" and acl_data.cust_hdr_name|default("") != "" %}
{% do acl_options.append('hdr(' ~ acl_data.cust_hdr_name ~ ')') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_end' %}
{% if acl_data.hdr_end|default("") != "" %}
{% do acl_options.append('hdr_end(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr' %}
{% if acl_data.hdr|default("") != "" %}
{% do acl_options.append('hdr(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_reg' %}
{% if acl_data.hdr_reg|default("") != "" %}
{% do acl_options.append('hdr_reg(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_sub' %}
{% if acl_data.hdr_sub|default("") != "" %}
{% do acl_options.append('hdr_sub(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_sub) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'http_method' %}
{% if acl_data.http_method|default("") != "" %}
{% do acl_options.append('method ' ~ acl_data.http_method|replace(',', ' ')) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_beg' %}
{% if acl_data.path_beg|default("") != "" %}
{% do acl_options.append('path_beg') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_end' %}
{% if acl_data.path_end|default("") != "" %}
{% do acl_options.append('path_end') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path' %}
{% if acl_data.path|default("") != "" %}
{% do acl_options.append('path') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_reg' %}
{% if acl_data.path_reg|default("") != "" %}
{% do acl_options.append('path_reg') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_dir' %}
{% if acl_data.path_dur|default("") != "" %}
{% do acl_options.append('path_dir') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_dir) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_sub' %}
{% if acl_data.path_sub|default("") != "" %}
{% do acl_options.append('path_sub') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_sub) %}
{% do acl_options.append(acl_data.cust_hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
@ -232,17 +109,6 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'cust_hdr' %}
{% if acl_data.cust_hdr|default("") != "" and acl_data.cust_hdr_name|default("") != "" %}
{% do acl_options.append('hdr(' ~ acl_data.cust_hdr_name ~ ')') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.cust_hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'cust_hdr_reg' %}
{% if acl_data.cust_hdr_reg|default("") != "" and acl_data.cust_hdr_reg_name|default("") != "" %}
{% do acl_options.append('hdr_reg(' ~ acl_data.cust_hdr_reg_name ~ ')') %}
@ -265,17 +131,537 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'url_param' %}
{% if acl_data.url_param_value|default("") != "" and acl_data.url_param|default("") != "" %}
{% do acl_options.append('url_param(' ~ acl_data.url_param ~ ')') %}
{% elif acl_data.expression == 'hdr' %}
{% if acl_data.hdr|default("") != "" %}
{% do acl_options.append('hdr(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.url_param_value) %}
{% do acl_options.append(acl_data.hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_beg' %}
{% if acl_data.hdr_beg|default("") != "" %}
{% do acl_options.append('hdr_beg(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_end' %}
{% if acl_data.hdr_end|default("") != "" %}
{% do acl_options.append('hdr_end(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_reg' %}
{% if acl_data.hdr_reg|default("") != "" %}
{% do acl_options.append('hdr_reg(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'hdr_sub' %}
{% if acl_data.hdr_sub|default("") != "" %}
{% do acl_options.append('hdr_sub(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.hdr_sub) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'http_auth' %}
{% if acl_data.allowedUsers|default("") != "" or acl_data.allowedGroups|default("") != "" %}
{% do acl_options.append('http_auth(acl_' ~ acl_data.id ~ ')') %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'http_method' %}
{% if acl_data.http_method|default("") != "" %}
{% do acl_options.append('method ' ~ acl_data.http_method|replace(',', ' ')) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'nbsrv' %}
{% do acl_options.append('') %}
{% if acl_data.nbsrv|default("") != "" %}
{% if acl_data.nbsrv_backend|default("") != "" %}
{% set nbsrv_backend_data = helpers.getUUID(acl_data.nbsrv_backend) %}
{% do acl_options.append('nbsrv(' ~ nbsrv_backend_data.name ~ ') ge ' ~ acl_data.nbsrv) %}
{% else %}
{% do acl_options.append('nbsrv ge ' ~ acl_data.nbsrv) %}
{% endif %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path' %}
{% if acl_data.path|default("") != "" %}
{% do acl_options.append('path') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_beg' %}
{% if acl_data.path_beg|default("") != "" %}
{% do acl_options.append('path_beg') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_beg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_dir' %}
{% if acl_data.path_dur|default("") != "" %}
{% do acl_options.append('path_dir') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_dir) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_end' %}
{% if acl_data.path_end|default("") != "" %}
{% do acl_options.append('path_end') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_end) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_reg' %}
{% if acl_data.path_reg|default("") != "" %}
{% do acl_options.append('path_reg') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_reg) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'path_sub' %}
{% if acl_data.path_sub|default("") != "" %}
{% do acl_options.append('path_sub') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.path_sub) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src' %}
{% if acl_data.src|default("") != "" %}
{% do acl_options.append('src ' ~ acl_data.src) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_bytes_in_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_bytes_in_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_bytes_in_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_bytes_in_rate_comparison ~ ' ' ~ acl_data.sc_bytes_in_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_bytes_out_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_bytes_out_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_bytes_out_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_bytes_out_rate_comparison ~ ' ' ~ acl_data.sc_bytes_out_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_clr_gpc' %}
{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_clr_gpc|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_clr_gpc(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_clr_gpc_comparison ~ ' ' ~ acl_data.sc_clr_gpc) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_conn_cnt' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_conn_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_conn_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_conn_cnt_comparison ~ ' ' ~ acl_data.sc_conn_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_conn_cur' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_conn_cur|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_conn_cur(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_conn_cur_comparison ~ ' ' ~ acl_data.sc_conn_cur) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_conn_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_conn_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_conn_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_conn_rate_comparison ~ ' ' ~ acl_data.sc_conn_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_get_gpc' %}
{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_get_gpc|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_get_gpc(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_get_gpc_comparison ~ ' ' ~ acl_data.sc_get_gpc) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_get_gpt' %}
{% if acl_data.sc_number|default("") != "" and acl_data.gpt_number|default("") != "" and acl_data.sc_get_gpt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_get_gpt(' ~ acl_data.gpt_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_get_gpt_comparison ~ ' ' ~ acl_data.sc_get_gpt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_glitch_cnt' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_glitch_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_glitch_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_glitch_cnt_comparison ~ ' ' ~ acl_data.sc_glitch_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_glitch_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_glitch_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_glitch_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_glitch_rate_comparison ~ ' ' ~ acl_data.sc_glitch_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_gpc_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_gpc_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_gpc_rate(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_gpc_rate_comparison ~ ' ' ~ acl_data.sc_gpc_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_http_err_cnt' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_err_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_http_err_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_err_cnt_comparison ~ ' ' ~ acl_data.sc_http_err_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_http_err_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_err_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_http_err_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_err_rate_comparison ~ ' ' ~ acl_data.sc_http_err_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_http_fail_cnt' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_fail_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_http_fail_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_fail_cnt_comparison ~ ' ' ~ acl_data.sc_http_fail_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_http_fail_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_fail_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_http_fail_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_fail_rate_comparison ~ ' ' ~ acl_data.sc_http_fail_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_http_req_cnt' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_req_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_http_req_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_req_cnt_comparison ~ ' ' ~ acl_data.sc_http_req_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_http_req_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_req_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_http_req_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_req_rate_comparison ~ ' ' ~ acl_data.sc_http_req_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_inc_gpc' %}
{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_inc_gpc|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_inc_gpc(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_inc_gpc_comparison ~ ' ' ~ acl_data.sc_inc_gpc) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_sess_cnt' %}
{% if acl_data.sc_number|default("") != "" %}
{% if acl_data.table_name|default("") != "" and acl_data.sc_sess_cnt|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_sess_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_sess_cnt_comparison ~ ' ' ~ acl_data.sc_sess_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'sc_sess_rate' %}
{% if acl_data.sc_number|default("") != "" and acl_data.sc_sess_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('sc_sess_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_sess_rate_comparison ~ ' ' ~ acl_data.sc_sess_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_bytes_in_rate' %}
{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
{% elif acl_data.expression == 'src_bytes_out_rate' %}
{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
{% elif acl_data.expression == 'src_clr_gpc' %}
{% if acl_data.gpc_number|default("") != "" and acl_data.src_clr_gpc|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_clr_gpc(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_clr_gpc_comparison ~ ' ' ~ acl_data.src_clr_gpc) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_conn_cnt' %}
{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
{% elif acl_data.expression == 'src_conn_cur' %}
{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
{% elif acl_data.expression == 'src_conn_rate' %}
{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
{% elif acl_data.expression == 'src_get_gpc' %}
{% if acl_data.gpc_number|default("") != "" and acl_data.src_get_gpc|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_get_gpc(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_get_gpc_comparison ~ ' ' ~ acl_data.src_get_gpc) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_get_gpt' %}
{% if acl_data.gpt_number|default("") != "" and acl_data.src_get_gpt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_get_gpt(' ~ acl_data.gpt_number ~ table_data ~ ') ' ~ acl_data.src_get_gpt_comparison ~ ' ' ~ acl_data.src_get_gpt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_glitch_cnt' %}
{% if acl_data.src_glitch_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_glitch_cnt' ~ table_data ~ ' ' ~ acl_data.src_glitch_cnt_comparison ~ ' ' ~ acl_data.src_glitch_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_glitch_rate' %}
{% if acl_data.src_glitch_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_glitch_rate' ~ table_data ~ ' ' ~ acl_data.src_glitch_rate_comparison ~ ' ' ~ acl_data.src_glitch_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_gpc_rate' %}
{% if acl_data.gpc_number|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_gpc_rate(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_gpc_rate_comparison ~ ' ' ~ acl_data.src_gpc_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_http_err_cnt' %}
{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
{% elif acl_data.expression == 'src_http_err_rate' %}
{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
{% elif acl_data.expression == 'src_http_fail_cnt' %}
{% if acl_data.src_http_fail_cnt|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_http_fail_cnt' ~ table_data ~ ' ' ~ acl_data.src_http_fail_cnt_comparison ~ ' ' ~ acl_data.src_http_fail_cnt) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_http_fail_rate' %}
{% if acl_data.src_http_fail_rate|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_http_fail_rate' ~ table_data ~ ' ' ~ acl_data.src_http_fail_rate_comparison ~ ' ' ~ acl_data.src_http_fail_rate) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_http_req_cnt' %}
{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
{% elif acl_data.expression == 'src_http_req_rate' %}
{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
{% elif acl_data.expression == 'src_inc_gpc' %}
{% if acl_data.gpc_number|default("") != "" %}
{% if acl_data.table_name|default("") != "" %}
{% set table_data = ',' ~ acl_data.table_name %}
{% else %}
{% set table_data = '' %}
{% endif %}
{% do acl_options.append('src_inc_gpc(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_inc_gpc_comparison ~ ' ' ~ acl_data.src_inc_gpc ) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_kbytes_in' %}
{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
{% elif acl_data.expression == 'src_kbytes_out' %}
{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
{% elif acl_data.expression == 'src_port' %}
{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
{% elif acl_data.expression == 'src_sess_cnt' %}
{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
{% elif acl_data.expression == 'src_sess_rate' %}
{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
{% elif acl_data.expression == 'ssl_c_verify_code' %}
{% if acl_data.ssl_c_verify_code|default("") != "" %}
{% do acl_options.append('ssl_c_verify ' ~ acl_data.ssl_c_verify_code) %}
@ -292,62 +678,6 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_hello_type' %}
{% do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %}
{% elif acl_data.expression == 'src' %}
{% if acl_data.src|default("") != "" %}
{% do acl_options.append('src ' ~ acl_data.src) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'src_is_local' %}
{% do acl_options.append('src_is_local') %}
{% elif acl_data.expression == 'src_bytes_in_rate' %}
{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
{% elif acl_data.expression == 'src_bytes_out_rate' %}
{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
{% elif acl_data.expression == 'src_conn_cnt' %}
{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
{% elif acl_data.expression == 'src_conn_cur' %}
{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
{% elif acl_data.expression == 'src_conn_rate' %}
{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
{% elif acl_data.expression == 'src_http_err_cnt' %}
{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
{% elif acl_data.expression == 'src_http_err_rate' %}
{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
{% elif acl_data.expression == 'src_http_req_cnt' %}
{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
{% elif acl_data.expression == 'src_http_req_rate' %}
{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
{% elif acl_data.expression == 'src_kbytes_in' %}
{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
{% elif acl_data.expression == 'src_kbytes_out' %}
{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
{% elif acl_data.expression == 'src_port' %}
{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
{% elif acl_data.expression == 'src_sess_cnt' %}
{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
{% elif acl_data.expression == 'src_sess_rate' %}
{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
{% elif acl_data.expression == 'nbsrv' %}
{% do acl_options.append('') %}
{% if acl_data.nbsrv|default("") != "" %}
{% if acl_data.nbsrv_backend|default("") != "" %}
{% set nbsrv_backend_data = helpers.getUUID(acl_data.nbsrv_backend) %}
{% do acl_options.append('nbsrv(' ~ nbsrv_backend_data.name ~ ') ge ' ~ acl_data.nbsrv) %}
{% else %}
{% do acl_options.append('nbsrv ge ' ~ acl_data.nbsrv) %}
{% endif %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'traffic_is_http' %}
{% do acl_options.append('req.proto_http') %}
{% elif acl_data.expression == 'traffic_is_ssl' %}
{% do acl_options.append('req.ssl_ver gt 0') %}
{% elif acl_data.expression == 'ssl_fc' %}
{% do acl_options.append('ssl_fc') %}
{% elif acl_data.expression == 'ssl_fc_sni' %}
@ -357,6 +687,8 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'ssl_hello_type' %}
{% do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %}
{% elif acl_data.expression == 'ssl_sni' %}
{% if acl_data.ssl_sni|default("") != "" %}
{% do acl_options.append('req.ssl_sni') %}
@ -412,6 +744,21 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{% elif acl_data.expression == 'traffic_is_http' %}
{% do acl_options.append('req.proto_http') %}
{% elif acl_data.expression == 'traffic_is_ssl' %}
{% do acl_options.append('req.ssl_ver gt 0') %}
{% elif acl_data.expression == 'url_param' %}
{% if acl_data.url_param_value|default("") != "" and acl_data.url_param|default("") != "" %}
{% do acl_options.append('url_param(' ~ acl_data.url_param ~ ')') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
{% do acl_options.append(acl_data.url_param_value) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
{# # handle boolean ACL types that do not require any input #}
{% elif acl_data.expression in acl_boolean_types %}
{% do acl_options.append(acl_data.expression) %}