diff --git a/net/haproxy/pkg-descr b/net/haproxy/pkg-descr
index 25c5a7d05..a7d97e8b0 100644
--- a/net/haproxy/pkg-descr
+++ b/net/haproxy/pkg-descr
@@ -24,6 +24,7 @@ Added:
* add all action keywords for http-request/-response and tcp-request/-response rules
* add "enabled" field to rules
* add support for all stick-table data types
+* add support for GPC/GPT/SC to conditions (#1123, #5109)
Changed:
* upgrade to HAProxy 3.2 release series (#5147)
@@ -32,6 +33,7 @@ Changed:
* change LUA boolean conversion (see tune.lua.bool-sample-conversion)
* stick-table "size" and "expiration time" are no longer advanced options (now always visible)
* replace stick-table type "ip" with "ipv4" (#5147)
+* show the actual HAProxy option name in conditions for clarity
4.6
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index 18298899e..e2d3cc7fe 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -19,7 +19,7 @@
acl.expression
dropdown
- Select condition type.
+ layer 4 or layer 7. The syntax check will show errors when using an incompatible sample fetch method.]]>
acl.negate
@@ -629,4 +629,452 @@
textbox
+
+
+ header
+
+
+
+ acl.sc_bytes_in_rate_comparison
+
+ dropdown
+
+
+ acl.sc_bytes_in_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_bytes_out_rate_comparison
+
+ dropdown
+
+
+ acl.sc_bytes_out_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_clr_gpc_comparison
+
+ dropdown
+
+
+ acl.sc_clr_gpc
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_conn_cnt_comparison
+
+ dropdown
+
+
+ acl.sc_conn_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_conn_cur_comparison
+
+ dropdown
+
+
+ acl.sc_conn_cur
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_conn_rate_comparison
+
+ dropdown
+
+
+ acl.sc_conn_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_get_gpc_comparison
+
+ dropdown
+
+
+ acl.sc_get_gpc
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_get_gpt_comparison
+
+ dropdown
+
+
+ acl.sc_get_gpt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_glitch_cnt_comparison
+
+ dropdown
+
+
+ acl.sc_glitch_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_glitch_rate_comparison
+
+ dropdown
+
+
+ acl.sc_glitch_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_gpc_rate_comparison
+
+ dropdown
+
+
+ acl.sc_gpc_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_http_err_cnt_comparison
+
+ dropdown
+
+
+ acl.sc_http_err_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_http_err_rate_comparison
+
+ dropdown
+
+
+ acl.sc_http_err_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_http_fail_cnt_comparison
+
+ dropdown
+
+
+ acl.sc_http_fail_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_http_fail_rate_comparison
+
+ dropdown
+
+
+ acl.sc_http_fail_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_http_req_cnt_comparison
+
+ dropdown
+
+
+ acl.sc_http_req_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_http_req_rate_comparison
+
+ dropdown
+
+
+ acl.sc_http_req_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_inc_gpc_comparison
+
+ dropdown
+
+
+ acl.sc_inc_gpc
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_sess_cnt_comparison
+
+ dropdown
+
+
+ acl.sc_sess_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.sc_sess_rate_comparison
+
+ dropdown
+
+
+ acl.sc_sess_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_get_gpc_comparison
+
+ dropdown
+
+
+ acl.src_get_gpc
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_get_gpt_comparison
+
+ dropdown
+
+
+ acl.src_get_gpt
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_glitch_cnt_comparison
+
+ dropdown
+
+
+ acl.src_glitch_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_glitch_rate_comparison
+
+ dropdown
+
+
+ acl.src_glitch_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_gpc_rate_comparison
+
+ dropdown
+
+
+ acl.src_gpc_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_http_fail_cnt_comparison
+
+ dropdown
+
+
+ acl.src_http_fail_cnt
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_http_fail_rate_comparison
+
+ dropdown
+
+
+ acl.src_http_fail_rate
+
+ text
+
+
+
+ header
+
+
+
+ acl.src_inc_gpc_comparison
+
+ dropdown
+
+
+ acl.src_inc_gpc
+
+ text
+
+
+
+ header
+
+
+ acl.gpc_number
+
+ text
+
+
+
+ acl.gpt_number
+
+ text
+
+
+
+ acl.sc_number
+
+ text
+
+
+
+ acl.table_name
+
+ text
+
+
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index 9326743da..9ed90cbb1 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -1817,63 +1817,87 @@
Y
- HAProxy process is currently stopping
- HTTP Basic Auth: username/password from client matches selected User/Group
- Host starts with
- Host ends with
- Host matches
- Host regex
- Host contains
- Path starts with
- Path ends with
- Path matches
- Path regex
- Path contains subdir
- Path contains string
- HTTP Header starts with
- HTTP Header ends with
- HTTP Header matches
- HTTP Header regex
- HTTP Header contains
- HTTP Method
- Inspection period is over (WAIT_END)
- QUIC transport protocol is enabled
- URL parameter contains
- SSL Client certificate is valid
- SSL Client certificate verify error result
- SSL Client certificate issued by CA common-name
- SSL Hello Type
- Source IP matches specified IP
- Source IP is local
- Source IP: TCP source port
- Source IP: incoming bytes rate
- Source IP: outgoing bytes rate
- Source IP: amount of data received (in kilobytes)
- Source IP: amount of data sent (in kilobytes)
-
- Source IP: cumulative number of connections
- Source IP: concurrent connections
- Source IP: connection rate
-
-
-
- Source IP: cumulative number of HTTP errors
- Source IP: rate of HTTP errors
- Source IP: number of HTTP requests
- Source IP: rate of HTTP requests
-
- Source IP: cumulative number of sessions
- Source IP: session rate
- Minimum number of usable servers in backend
- Traffic is HTTP
- Traffic is SSL (TCP request content inspection)
- Traffic is SSL (locally deciphered)
- SNI TLS extension matches (locally deciphered)
- SNI TLS extension matches (TCP request content inspection)
- SNI TLS extension contains (TCP request content inspection)
- SNI TLS extension starts with (TCP request content inspection)
- SNI TLS extension ends with (TCP request content inspection)
- SNI TLS extension regex (TCP request content inspection)
+ hdr_beg – specified HTTP Header starts with
+ hdr_end – specified HTTP Header ends with
+ hdr – specified HTTP Header matches
+ hdr_reg – specified HTTP Header regex
+ hdr_sub – specified HTTP Header contains
+ hdr_beg – HTTP Host Header starts with
+ hdr_end – HTTP Host Header ends with
+ hdr – HTTP Host Header matches
+ hdr_reg – HTTP Host Header regex
+ hdr_sub – HTTP Host Header contains
+ http_auth – HTTP Basic Auth: username/password from client matches selected User/Group
+ http_method – HTTP Method
+ nbsrv – Minimum number of usable servers in backend
+ path_beg – Path starts with
+ path_dir – Path contains subdir
+ path_end – Path ends with
+ path – Path matches
+ path_reg – Path regex
+ path_sub – Path contains string
+ quic_enabled – QUIC transport protocol is enabled
+ req.proto_http – Traffic is HTTP
+ req.ssl_ver – Traffic is SSL (TCP request content inspection)
+ sc_bytes_in_rate – Sticky counter: incoming bytes rate
+ sc_bytes_out_rate – Sticky counter: outgoing bytes rate
+ sc_clr_gpc – Sticky counter: clear General Purpose Counter
+ sc_conn_cnt – Sticky counter: cumulative number of connections
+ sc_conn_cur – Sticky counter: concurrent connections
+ sc_conn_rate – Sticky counter: connection rate
+ sc_get_gpc – Sticky counter: get General Purpose Counter value
+ sc_get_gpt – Sticky counter: get General Purpose Tag value
+ sc_glitch_cnt – Sticky counter: cumulative number of glitches
+ sc_glitch_rate – Sticky counter: rate of glitches
+ sc_gpc_rate – Sticky counter: increment rate of General Purpose Counter
+ sc_http_err_cnt – Sticky counter: cumulative number of HTTP errors
+ sc_http_err_rate – Sticky counter: rate of HTTP errors
+ sc_http_fail_cnt – Sticky counter: cumulative number of HTTP failures
+ sc_http_fail_rate – Sticky counter: rate of HTTP failures
+ sc_http_req_cnt – Sticky counter: cumulative number of HTTP requests
+ sc_http_req_rate – Sticky counter: rate of HTTP requests
+ sc_inc_gpc – Sticky counter: increment General Purpose Counter
+ sc_sess_cnt – Sticky counter: cumulative number of sessions
+ sc_sess_rate – Sticky counter: session rate
+ src_bytes_in_rate – Source IP: incoming bytes rate
+ src_bytes_out_rate – Source IP: outgoing bytes rate
+ Source IP: clear General Purpose Counter
+ src_conn_cnt – Source IP: cumulative number of connections
+ src_conn_cur – Source IP: concurrent connections
+ src_conn_rate – Source IP: connection rate
+ src_get_gpc – Source IP: get General Purpose Counter value
+ src_get_gpt – Source IP: get General Purpose Tag value
+ src_glitch_cnt – Source IP: cumulative number of glitches
+ src_glitch_rate – Source IP: rate of glitches
+ src_gpc_rate – Source IP: increment rate of General Purpose Counter
+ src_http_err_cnt – Source IP: cumulative number of HTTP errors
+ src_http_err_rate – Source IP: rate of HTTP errors
+ src_http_fail_cnt – Source IP: cumulative number of HTTP failures
+ src_http_fail_rate – Source IP: rate of HTTP failures
+ src_http_req_cnt – Source IP: number of HTTP requests
+ src_http_req_rate – Source IP: rate of HTTP requests
+ src_inc_gpc – Source IP: increment General Purpose Counter
+ src_is_local – Source IP is local
+ src_kbytes_in – Source IP: amount of data received (in kilobytes)
+ src_kbytes_out – Source IP: amount of data sent (in kilobytes)
+ src_port – Source IP: TCP source port
+ src_sess_cnt – Source IP: cumulative number of sessions
+ src_sess_rate – Source IP: session rate
+ src – Source IP matches specified IP
+ ssl_c_ca_commonname – SSL Client certificate issued by CA common-name
+ ssl_c_verify_code – SSL Client certificate verify error result
+ ssl_c_verify – SSL Client certificate is valid
+ ssl_fc_sni – SNI TLS extension matches (locally deciphered)
+ ssl_fc – Traffic is SSL (locally deciphered)
+ ssl_hello_type – SSL Hello Type
+ ssl_sni_beg – SNI TLS extension starts with (TCP request content inspection)
+ ssl_sni_end – SNI TLS extension ends with (TCP request content inspection)
+ ssl_sni_reg – SNI TLS extension regex (TCP request content inspection)
+ ssl_sni – SNI TLS extension matches (TCP request content inspection)
+ ssl_sni_sub – SNI TLS extension contains (TCP request content inspection)
+ stopping – HAProxy process is currently stopping
+ url_param – URL parameter contains
+ wait_end – Inspection period is over
Custom condition (option pass-through)
@@ -2320,6 +2344,420 @@
TRACE
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ 0
+ 100
+ Please specify a value between 0 and 99.
+ N
+
+
+ 0
+ 100
+ Please specify a value between 0 and 99.
+ N
+
+
+ 0
+ 100
+ Please specify a value between 0 and 99.
+ N
+
+
+ /^.{1,4096}$/u
+ N
+
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 29d845288..8837f0004 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -41,7 +41,8 @@
{# Macro expects a CSV list of Actions and validates them. #}
{%- macro AclsAndActions(linkedData) -%}
{% if linkedData is defined %}
-{% set acl_boolean_types = ['quic_enabled', 'stopping', 'wait_end'] %}
+{# # a list of simple boolean ACL types #}
+{% set acl_boolean_types = ['quic_enabled', 'src_is_local', 'stopping', 'wait_end'] %}
{# # remember all ACLs to avoid duplicate declarations #}
{% set acls_seen = [] %}
{% set global_action_options = [] %}
@@ -75,137 +76,13 @@
{% endif %}
{% do acls_seen.append(acl_data.id) %}
{% set acl_options = [] %}
-{% if acl_data.expression == 'http_auth' %}
-{% if acl_data.allowedUsers|default("") != "" or acl_data.allowedGroups|default("") != "" %}
-{% do acl_options.append('http_auth(acl_' ~ acl_data.id ~ ')') %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'hdr_beg' %}
-{% if acl_data.hdr_beg|default("") != "" %}
-{% do acl_options.append('hdr_beg(host)') %}
+{% if acl_data.expression == 'cust_hdr' %}
+{% if acl_data.cust_hdr|default("") != "" and acl_data.cust_hdr_name|default("") != "" %}
+{% do acl_options.append('hdr(' ~ acl_data.cust_hdr_name ~ ')') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
-{% do acl_options.append(acl_data.hdr_beg) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'hdr_end' %}
-{% if acl_data.hdr_end|default("") != "" %}
-{% do acl_options.append('hdr_end(host)') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.hdr_end) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'hdr' %}
-{% if acl_data.hdr|default("") != "" %}
-{% do acl_options.append('hdr(host)') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.hdr) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'hdr_reg' %}
-{% if acl_data.hdr_reg|default("") != "" %}
-{% do acl_options.append('hdr_reg(host)') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.hdr_reg) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'hdr_sub' %}
-{% if acl_data.hdr_sub|default("") != "" %}
-{% do acl_options.append('hdr_sub(host)') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.hdr_sub) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'http_method' %}
-{% if acl_data.http_method|default("") != "" %}
-{% do acl_options.append('method ' ~ acl_data.http_method|replace(',', ' ')) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'path_beg' %}
-{% if acl_data.path_beg|default("") != "" %}
-{% do acl_options.append('path_beg') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.path_beg) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'path_end' %}
-{% if acl_data.path_end|default("") != "" %}
-{% do acl_options.append('path_end') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.path_end) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'path' %}
-{% if acl_data.path|default("") != "" %}
-{% do acl_options.append('path') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.path) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'path_reg' %}
-{% if acl_data.path_reg|default("") != "" %}
-{% do acl_options.append('path_reg') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.path_reg) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'path_dir' %}
-{% if acl_data.path_dur|default("") != "" %}
-{% do acl_options.append('path_dir') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.path_dir) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'path_sub' %}
-{% if acl_data.path_sub|default("") != "" %}
-{% do acl_options.append('path_sub') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.path_sub) %}
+{% do acl_options.append(acl_data.cust_hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
@@ -232,17 +109,6 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
-{% elif acl_data.expression == 'cust_hdr' %}
-{% if acl_data.cust_hdr|default("") != "" and acl_data.cust_hdr_name|default("") != "" %}
-{% do acl_options.append('hdr(' ~ acl_data.cust_hdr_name ~ ')') %}
-{% if acl_data.caseSensitive|default('0') == '0' %}
-{% do acl_options.append('-i') %}
-{% endif %}
-{% do acl_options.append(acl_data.cust_hdr) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
{% elif acl_data.expression == 'cust_hdr_reg' %}
{% if acl_data.cust_hdr_reg|default("") != "" and acl_data.cust_hdr_reg_name|default("") != "" %}
{% do acl_options.append('hdr_reg(' ~ acl_data.cust_hdr_reg_name ~ ')') %}
@@ -265,17 +131,537 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
-{% elif acl_data.expression == 'url_param' %}
-{% if acl_data.url_param_value|default("") != "" and acl_data.url_param|default("") != "" %}
-{% do acl_options.append('url_param(' ~ acl_data.url_param ~ ')') %}
+{% elif acl_data.expression == 'hdr' %}
+{% if acl_data.hdr|default("") != "" %}
+{% do acl_options.append('hdr(host)') %}
{% if acl_data.caseSensitive|default('0') == '0' %}
{% do acl_options.append('-i') %}
{% endif %}
-{% do acl_options.append(acl_data.url_param_value) %}
+{% do acl_options.append(acl_data.hdr) %}
{% else %}
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
+{% elif acl_data.expression == 'hdr_beg' %}
+{% if acl_data.hdr_beg|default("") != "" %}
+{% do acl_options.append('hdr_beg(host)') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.hdr_beg) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'hdr_end' %}
+{% if acl_data.hdr_end|default("") != "" %}
+{% do acl_options.append('hdr_end(host)') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.hdr_end) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'hdr_reg' %}
+{% if acl_data.hdr_reg|default("") != "" %}
+{% do acl_options.append('hdr_reg(host)') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.hdr_reg) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'hdr_sub' %}
+{% if acl_data.hdr_sub|default("") != "" %}
+{% do acl_options.append('hdr_sub(host)') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.hdr_sub) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'http_auth' %}
+{% if acl_data.allowedUsers|default("") != "" or acl_data.allowedGroups|default("") != "" %}
+{% do acl_options.append('http_auth(acl_' ~ acl_data.id ~ ')') %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'http_method' %}
+{% if acl_data.http_method|default("") != "" %}
+{% do acl_options.append('method ' ~ acl_data.http_method|replace(',', ' ')) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'nbsrv' %}
+{% do acl_options.append('') %}
+{% if acl_data.nbsrv|default("") != "" %}
+{% if acl_data.nbsrv_backend|default("") != "" %}
+{% set nbsrv_backend_data = helpers.getUUID(acl_data.nbsrv_backend) %}
+{% do acl_options.append('nbsrv(' ~ nbsrv_backend_data.name ~ ') ge ' ~ acl_data.nbsrv) %}
+{% else %}
+{% do acl_options.append('nbsrv ge ' ~ acl_data.nbsrv) %}
+{% endif %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'path' %}
+{% if acl_data.path|default("") != "" %}
+{% do acl_options.append('path') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.path) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'path_beg' %}
+{% if acl_data.path_beg|default("") != "" %}
+{% do acl_options.append('path_beg') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.path_beg) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'path_dir' %}
+{% if acl_data.path_dur|default("") != "" %}
+{% do acl_options.append('path_dir') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.path_dir) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'path_end' %}
+{% if acl_data.path_end|default("") != "" %}
+{% do acl_options.append('path_end') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.path_end) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'path_reg' %}
+{% if acl_data.path_reg|default("") != "" %}
+{% do acl_options.append('path_reg') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.path_reg) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'path_sub' %}
+{% if acl_data.path_sub|default("") != "" %}
+{% do acl_options.append('path_sub') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.path_sub) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src' %}
+{% if acl_data.src|default("") != "" %}
+{% do acl_options.append('src ' ~ acl_data.src) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_bytes_in_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_bytes_in_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_bytes_in_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_bytes_in_rate_comparison ~ ' ' ~ acl_data.sc_bytes_in_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_bytes_out_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_bytes_out_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_bytes_out_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_bytes_out_rate_comparison ~ ' ' ~ acl_data.sc_bytes_out_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_clr_gpc' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_clr_gpc|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_clr_gpc(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_clr_gpc_comparison ~ ' ' ~ acl_data.sc_clr_gpc) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_conn_cnt' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_conn_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_conn_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_conn_cnt_comparison ~ ' ' ~ acl_data.sc_conn_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_conn_cur' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_conn_cur|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_conn_cur(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_conn_cur_comparison ~ ' ' ~ acl_data.sc_conn_cur) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_conn_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_conn_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_conn_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_conn_rate_comparison ~ ' ' ~ acl_data.sc_conn_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_get_gpc' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_get_gpc|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_get_gpc(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_get_gpc_comparison ~ ' ' ~ acl_data.sc_get_gpc) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_get_gpt' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.gpt_number|default("") != "" and acl_data.sc_get_gpt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_get_gpt(' ~ acl_data.gpt_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_get_gpt_comparison ~ ' ' ~ acl_data.sc_get_gpt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_glitch_cnt' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_glitch_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_glitch_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_glitch_cnt_comparison ~ ' ' ~ acl_data.sc_glitch_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_glitch_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_glitch_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_glitch_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_glitch_rate_comparison ~ ' ' ~ acl_data.sc_glitch_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_gpc_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_gpc_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_gpc_rate(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_gpc_rate_comparison ~ ' ' ~ acl_data.sc_gpc_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_http_err_cnt' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_err_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_http_err_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_err_cnt_comparison ~ ' ' ~ acl_data.sc_http_err_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_http_err_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_err_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_http_err_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_err_rate_comparison ~ ' ' ~ acl_data.sc_http_err_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_http_fail_cnt' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_fail_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_http_fail_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_fail_cnt_comparison ~ ' ' ~ acl_data.sc_http_fail_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_http_fail_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_fail_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_http_fail_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_fail_rate_comparison ~ ' ' ~ acl_data.sc_http_fail_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_http_req_cnt' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_req_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_http_req_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_req_cnt_comparison ~ ' ' ~ acl_data.sc_http_req_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_http_req_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_http_req_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_http_req_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_http_req_rate_comparison ~ ' ' ~ acl_data.sc_http_req_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_inc_gpc' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.gpc_number|default("") != "" and acl_data.sc_inc_gpc|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_inc_gpc(' ~ acl_data.gpc_number ~ ',' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_inc_gpc_comparison ~ ' ' ~ acl_data.sc_inc_gpc) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_sess_cnt' %}
+{% if acl_data.sc_number|default("") != "" %}
+{% if acl_data.table_name|default("") != "" and acl_data.sc_sess_cnt|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_sess_cnt(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_sess_cnt_comparison ~ ' ' ~ acl_data.sc_sess_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'sc_sess_rate' %}
+{% if acl_data.sc_number|default("") != "" and acl_data.sc_sess_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('sc_sess_rate(' ~ acl_data.sc_number ~ table_data ~ ') ' ~ acl_data.sc_sess_rate_comparison ~ ' ' ~ acl_data.sc_sess_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_bytes_in_rate' %}
+{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
+{% elif acl_data.expression == 'src_bytes_out_rate' %}
+{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
+{% elif acl_data.expression == 'src_clr_gpc' %}
+{% if acl_data.gpc_number|default("") != "" and acl_data.src_clr_gpc|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_clr_gpc(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_clr_gpc_comparison ~ ' ' ~ acl_data.src_clr_gpc) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_conn_cnt' %}
+{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
+{% elif acl_data.expression == 'src_conn_cur' %}
+{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
+{% elif acl_data.expression == 'src_conn_rate' %}
+{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
+{% elif acl_data.expression == 'src_get_gpc' %}
+{% if acl_data.gpc_number|default("") != "" and acl_data.src_get_gpc|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_get_gpc(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_get_gpc_comparison ~ ' ' ~ acl_data.src_get_gpc) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_get_gpt' %}
+{% if acl_data.gpt_number|default("") != "" and acl_data.src_get_gpt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_get_gpt(' ~ acl_data.gpt_number ~ table_data ~ ') ' ~ acl_data.src_get_gpt_comparison ~ ' ' ~ acl_data.src_get_gpt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_glitch_cnt' %}
+{% if acl_data.src_glitch_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_glitch_cnt' ~ table_data ~ ' ' ~ acl_data.src_glitch_cnt_comparison ~ ' ' ~ acl_data.src_glitch_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_glitch_rate' %}
+{% if acl_data.src_glitch_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_glitch_rate' ~ table_data ~ ' ' ~ acl_data.src_glitch_rate_comparison ~ ' ' ~ acl_data.src_glitch_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_gpc_rate' %}
+{% if acl_data.gpc_number|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_gpc_rate(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_gpc_rate_comparison ~ ' ' ~ acl_data.src_gpc_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_http_err_cnt' %}
+{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
+{% elif acl_data.expression == 'src_http_err_rate' %}
+{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
+{% elif acl_data.expression == 'src_http_fail_cnt' %}
+{% if acl_data.src_http_fail_cnt|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_http_fail_cnt' ~ table_data ~ ' ' ~ acl_data.src_http_fail_cnt_comparison ~ ' ' ~ acl_data.src_http_fail_cnt) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_http_fail_rate' %}
+{% if acl_data.src_http_fail_rate|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = '(' ~ acl_data.table_name ~ ')' %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_http_fail_rate' ~ table_data ~ ' ' ~ acl_data.src_http_fail_rate_comparison ~ ' ' ~ acl_data.src_http_fail_rate) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_http_req_cnt' %}
+{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
+{% elif acl_data.expression == 'src_http_req_rate' %}
+{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
+{% elif acl_data.expression == 'src_inc_gpc' %}
+{% if acl_data.gpc_number|default("") != "" %}
+{% if acl_data.table_name|default("") != "" %}
+{% set table_data = ',' ~ acl_data.table_name %}
+{% else %}
+{% set table_data = '' %}
+{% endif %}
+{% do acl_options.append('src_inc_gpc(' ~ acl_data.gpc_number ~ table_data ~ ') ' ~ acl_data.src_inc_gpc_comparison ~ ' ' ~ acl_data.src_inc_gpc ) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
+{% elif acl_data.expression == 'src_kbytes_in' %}
+{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
+{% elif acl_data.expression == 'src_kbytes_out' %}
+{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
+{% elif acl_data.expression == 'src_port' %}
+{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
+{% elif acl_data.expression == 'src_sess_cnt' %}
+{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
+{% elif acl_data.expression == 'src_sess_rate' %}
+{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
{% elif acl_data.expression == 'ssl_c_verify_code' %}
{% if acl_data.ssl_c_verify_code|default("") != "" %}
{% do acl_options.append('ssl_c_verify ' ~ acl_data.ssl_c_verify_code) %}
@@ -292,62 +678,6 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
-{% elif acl_data.expression == 'ssl_hello_type' %}
-{% do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %}
-{% elif acl_data.expression == 'src' %}
-{% if acl_data.src|default("") != "" %}
-{% do acl_options.append('src ' ~ acl_data.src) %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'src_is_local' %}
-{% do acl_options.append('src_is_local') %}
-{% elif acl_data.expression == 'src_bytes_in_rate' %}
-{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
-{% elif acl_data.expression == 'src_bytes_out_rate' %}
-{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
-{% elif acl_data.expression == 'src_conn_cnt' %}
-{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
-{% elif acl_data.expression == 'src_conn_cur' %}
-{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
-{% elif acl_data.expression == 'src_conn_rate' %}
-{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
-{% elif acl_data.expression == 'src_http_err_cnt' %}
-{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
-{% elif acl_data.expression == 'src_http_err_rate' %}
-{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
-{% elif acl_data.expression == 'src_http_req_cnt' %}
-{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
-{% elif acl_data.expression == 'src_http_req_rate' %}
-{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
-{% elif acl_data.expression == 'src_kbytes_in' %}
-{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
-{% elif acl_data.expression == 'src_kbytes_out' %}
-{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
-{% elif acl_data.expression == 'src_port' %}
-{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
-{% elif acl_data.expression == 'src_sess_cnt' %}
-{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
-{% elif acl_data.expression == 'src_sess_rate' %}
-{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
-{% elif acl_data.expression == 'nbsrv' %}
-{% do acl_options.append('') %}
-{% if acl_data.nbsrv|default("") != "" %}
-{% if acl_data.nbsrv_backend|default("") != "" %}
-{% set nbsrv_backend_data = helpers.getUUID(acl_data.nbsrv_backend) %}
-{% do acl_options.append('nbsrv(' ~ nbsrv_backend_data.name ~ ') ge ' ~ acl_data.nbsrv) %}
-{% else %}
-{% do acl_options.append('nbsrv ge ' ~ acl_data.nbsrv) %}
-{% endif %}
-{% else %}
-{% set acl_enabled = '0' %}
- # ERROR: missing parameters
-{% endif %}
-{% elif acl_data.expression == 'traffic_is_http' %}
-{% do acl_options.append('req.proto_http') %}
-{% elif acl_data.expression == 'traffic_is_ssl' %}
-{% do acl_options.append('req.ssl_ver gt 0') %}
{% elif acl_data.expression == 'ssl_fc' %}
{% do acl_options.append('ssl_fc') %}
{% elif acl_data.expression == 'ssl_fc_sni' %}
@@ -357,6 +687,8 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
+{% elif acl_data.expression == 'ssl_hello_type' %}
+{% do acl_options.append('req.ssl_hello_type ' ~ acl_data.ssl_hello_type|replace('x', '')) %}
{% elif acl_data.expression == 'ssl_sni' %}
{% if acl_data.ssl_sni|default("") != "" %}
{% do acl_options.append('req.ssl_sni') %}
@@ -412,6 +744,21 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
+{% elif acl_data.expression == 'traffic_is_http' %}
+{% do acl_options.append('req.proto_http') %}
+{% elif acl_data.expression == 'traffic_is_ssl' %}
+{% do acl_options.append('req.ssl_ver gt 0') %}
+{% elif acl_data.expression == 'url_param' %}
+{% if acl_data.url_param_value|default("") != "" and acl_data.url_param|default("") != "" %}
+{% do acl_options.append('url_param(' ~ acl_data.url_param ~ ')') %}
+{% if acl_data.caseSensitive|default('0') == '0' %}
+{% do acl_options.append('-i') %}
+{% endif %}
+{% do acl_options.append(acl_data.url_param_value) %}
+{% else %}
+{% set acl_enabled = '0' %}
+ # ERROR: missing parameters
+{% endif %}
{# # handle boolean ACL types that do not require any input #}
{% elif acl_data.expression in acl_boolean_types %}
{% do acl_options.append(acl_data.expression) %}