diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
index a86a6599e..886d9f206 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogAcl.xml
@@ -198,6 +198,214 @@
text
+
+
+ header
+
+
+
+ acl.src_bytes_in_rate_comparison
+
+ dropdown
+
+
+ acl.src_bytes_in_rate
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_bytes_out_rate_comparison
+
+ dropdown
+
+
+ acl.src_bytes_out_rate
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_conn_cnt_comparison
+
+ dropdown
+
+
+ acl.src_conn_cnt
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_conn_cur_comparison
+
+ dropdown
+
+
+ acl.src_conn_cur
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_conn_rate_comparison
+
+ dropdown
+
+
+ acl.src_conn_rate
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_http_err_cnt_comparison
+
+ dropdown
+
+
+ acl.src_http_err_cnt
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_http_err_rate_comparison
+
+ dropdown
+
+
+ acl.src_http_err_rate
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_http_req_cnt_comparison
+
+ dropdown
+
+
+ acl.src_http_req_cnt
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_http_req_rate_comparison
+
+ dropdown
+
+
+ acl.src_http_req_rate
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_kbytes_in_comparison
+
+ dropdown
+
+
+ acl.src_kbytes_in
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_kbytes_out_comparison
+
+ dropdown
+
+
+ acl.src_kbytes_out
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_port_comparison
+
+ dropdown
+
+
+ acl.src_port
+
+ text
+
+
+
+
+ header
+
+
+
+ acl.src_sess_cnt_comparison
+
+ dropdown
+
+
+ acl.src_sess_cnt
+
+ text
+
+
header
diff --git a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
index b311cfca5..0f93af843 100644
--- a/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
+++ b/net/haproxy/src/opnsense/mvc/app/controllers/OPNsense/HAProxy/forms/dialogBackend.xml
@@ -86,7 +86,7 @@
select_multiple
- HAProxy documentation for a full description.]]>
+ HAProxy documentation for a full description.]]>
backend.stickiness_expire
diff --git a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
index acbef1629..ab97b718c 100644
--- a/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
+++ b/net/haproxy/src/opnsense/mvc/app/models/OPNsense/HAProxy/HAProxy.xml
@@ -951,9 +951,6 @@
Path ends with
Path matches
Path regex
-
Path contains subdir
Path contains string
URL parameter contains
@@ -962,6 +959,26 @@
SSL Client certificate verify error result
SSL Client certificate issued by CA common-name
Source IP matches specified IP
+ Source IP is local
+ Source IP: TCP source port
+ Source IP: incoming bytes rate
+ Source IP: outgoing bytes rate
+ Source IP: amount of data received (in kilobytes)
+ Source IP: amount of data sent (in kilobytes)
+
+ Source IP: cumulative number of connections
+ Source IP: concurrent connections
+ Source IP: connection rate
+
+
+
+ Source IP: cumulative number of HTTP errors
+ Source IP: rate of HTTP errors
+ Source IP: number of HTTP requests
+ Source IP: rate of HTTP requests
+
+ Source IP: cumulative number of connections
+ Source IP: session rate
Minimum number of usable servers in backend
Traffic is HTTP
Traffic is SSL
@@ -1054,6 +1071,202 @@
/^.{1,4096}$/u
N
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
+
+ N
+ gt
+
+ greater than
+ greater equal
+ equal
+ less than
+ less equal
+
+
+
+ N
+
0
500000
@@ -1158,7 +1371,6 @@
Y
-
Use specified Backend Pool
Override server in Backend Pool
diff --git a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
index 9eb5f0976..cfc150c62 100644
--- a/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
+++ b/net/haproxy/src/opnsense/service/templates/OPNsense/HAProxy/haproxy.conf
@@ -172,6 +172,36 @@
{% set acl_enabled = '0' %}
# ERROR: missing parameters
{% endif %}
+{% elif acl_data.expression == 'src_is_local' %}
+{% do acl_options.append('src_is_local') %}
+{% elif acl_data.expression == 'src_bytes_in_rate' %}
+{% do acl_options.append('src_bytes_in_rate ' ~ acl_data.src_bytes_in_rate_comparison ~ ' ' ~ acl_data.src_bytes_in_rate) %}
+{% elif acl_data.expression == 'src_bytes_out_rate' %}
+{% do acl_options.append('src_bytes_out_rate ' ~ acl_data.src_bytes_out_rate_comparison ~ ' ' ~ acl_data.src_bytes_out_rate) %}
+{% elif acl_data.expression == 'src_conn_cnt' %}
+{% do acl_options.append('src_conn_cnt ' ~ acl_data.src_conn_cnt_comparison ~ ' ' ~ acl_data.src_conn_cnt) %}
+{% elif acl_data.expression == 'src_conn_cur' %}
+{% do acl_options.append('src_conn_cur ' ~ acl_data.src_conn_cur_comparison ~ ' ' ~ acl_data.src_conn_cur) %}
+{% elif acl_data.expression == 'src_conn_rate' %}
+{% do acl_options.append('src_conn_rate ' ~ acl_data.src_conn_rate_comparison ~ ' ' ~ acl_data.src_conn_rate) %}
+{% elif acl_data.expression == 'src_http_err_cnt' %}
+{% do acl_options.append('src_http_err_cnt ' ~ acl_data.src_http_err_cnt_comparison ~ ' ' ~ acl_data.src_http_err_cnt) %}
+{% elif acl_data.expression == 'src_http_err_rate' %}
+{% do acl_options.append('src_http_err_rate ' ~ acl_data.src_http_err_rate_comparison ~ ' ' ~ acl_data.src_http_err_rate) %}
+{% elif acl_data.expression == 'src_http_req_cnt' %}
+{% do acl_options.append('src_http_req_cnt ' ~ acl_data.src_http_req_cnt_comparison ~ ' ' ~ acl_data.src_http_req_cnt) %}
+{% elif acl_data.expression == 'src_http_req_rate' %}
+{% do acl_options.append('src_http_req_rate ' ~ acl_data.src_http_req_rate_comparison ~ ' ' ~ acl_data.src_http_req_rate) %}
+{% elif acl_data.expression == 'src_kbytes_in' %}
+{% do acl_options.append('src_kbytes_in ' ~ acl_data.src_kbytes_in_comparison ~ ' ' ~ acl_data.src_kbytes_in) %}
+{% elif acl_data.expression == 'src_kbytes_out' %}
+{% do acl_options.append('src_kbytes_out ' ~ acl_data.src_kbytes_out_comparison ~ ' ' ~ acl_data.src_kbytes_out) %}
+{% elif acl_data.expression == 'src_port' %}
+{% do acl_options.append('src_port ' ~ acl_data.src_port_comparison ~ ' ' ~ acl_data.src_port) %}
+{% elif acl_data.expression == 'src_sess_cnt' %}
+{% do acl_options.append('src_sess_cnt' ~ acl_data.src_sess_cnt_comparison ~ ' ' ~ acl_data.src_sess_cnt) %}
+{% elif acl_data.expression == 'src_sess_rate' %}
+{% do acl_options.append('src_sess_rate ' ~ acl_data.src_sess_rate_comparison ~ ' ' ~ acl_data.src_sess_rate) %}
{% elif acl_data.expression == 'nbsrv' %}
{% do acl_options.append('') %}
{% if acl_data.nbsrv|default("") != "" %}