Reference

clear acl

On this page

Delete all entries from an ACL expression or file.

Description Jump to heading

An ACL is split into four parts:

  • a name for the ACL, which you choose
  • a fetch to collect information from the client’s session
  • optional flags
  • a value to match against

In the example below, we mark these parts:

haproxy
frontend www
  bind :80
  #   name       fetch  flags       value
  acl static_url  path   -i -m beg   /images/ /scripts/
haproxy
frontend www
  bind :80
  #   name       fetch  flags       value
  acl static_url  path   -i -m beg   /images/ /scripts/

Here, there is initially two values, /images/ and /scripts/. Use clear acl to delete all values.

You can also store values in a file and then reference that file in an acl statement by using the -f /path/to/file flag. Use the clear acl command to delete all values from the file. Note that this only removes it from the load balancer’s runtime memory and not to the file on disk.

Examples Jump to heading

Delete all entries from an ACL file in a transaction Jump to heading

Use clear acl to remove the values /images/ and /scripts/. You can specify the acl file by path or ID. Here we use the ID, which you can get from show acl.

nix
echo "clear acl #0" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "clear acl #0" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999

In the next example, we remove all values from the ACL file /etc/hapee-3.1/paths.acl:

nix
echo "clear acl /etc/hapee-3.1/paths.acl" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999
nix
echo "clear acl /etc/hapee-3.1/paths.acl" | \
  sudo socat stdio tcp4-connect:127.0.0.1:9999

Delete all entries from an ACL file in a transaction Jump to heading

Available since

  • HAProxy 2.4
  • HAProxy Enterprise 2.4r1

To submit multiple ACL modifications atomically, use the prepare acl and commit acl commands to initiate and commit a transaction, respectively.

The transaction feature makes changes in a temporary file that is applied with the commit acl command.

  1. Display a list of defined ACLs by calling show acl:

    nix
    echo "show acl" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999
    nix
    echo "show acl" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999
    output
    text
    # id (file) description
    0 () acl 'path' file '/etc/hapee-3.1/hapee-lb.cfg' line 51. curr_ver=0 next_ver=0 entry_cnt=1
    output
    text
    # id (file) description
    0 () acl 'path' file '/etc/hapee-3.1/hapee-lb.cfg' line 51. curr_ver=0 next_ver=0 entry_cnt=1

  2. Start a transaction to contain ACL changes until you are ready to commit them. The command displays the version number of the temporary transaction file. You will use this number in later operations on the transaction file. You can display version numbers using the show acl operation.

    nix
    echo "prepare acl" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999
    nix
    echo "prepare acl" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999
    output
    text
    New version created: 1
    output
    text
    New version created: 1

  3. Use clear acl to remove all ACLs from the file. Specify the version using the “at” (@) symbol. You can specify the acl file by path or ID. Here we use the ID, which you can get from show acl.

    nix
    echo "clear acl @1 #0" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999
    nix
    echo "clear acl @1 #0" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999

  4. Commit the transaction:

    nix
    echo "commit acl @1 #0" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999
    nix
    echo "commit acl @1 #0" | \
      sudo socat stdio tcp4-connect:127.0.0.1:9999

See also Jump to heading

Do you have any suggestions on how we can improve the content of this page?

Previous page add ssl crt-list Next page clear counters all
© 2025 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences