Access Control List (ACL)

In relation to load balancing, ACLs are used to test some condition and perform an action (e.g. select a server, or block a request) based on the test result.

acl url_blog path_beg /blog
## Backend ##

a backend can be defined by:

  • which load balance algorithm to use
  • a list of servers and ports
backend web-backend
   balance roundrobin
   server web1 web1.yourdomain.com:80 check
   server web2 web2.yourdomain.com:80 check

backend blog-backend
   balance roundrobin
   mode http
   server blog1 blog1.yourdomain.com:80 check
   server blog1 blog1.yourdomain.com:80 check


Their definitions are composed of the following components:

  • a set of IP addresses and a port (e.g., *:443, etc.)
  • ACLs
  • use_backend rules, which define which backends to use depending on which ACL conditions are matched, and/or a default_backend rule that handles every other case
frontend http
  bind *:80
  mode http

  acl url_blog path_beg /blog
  use_backend blog-backend if url_blog

  default_backend web-backend

Types of Load Balancing

No Load Balancing

Layer 4 Load Balancing

Load balancing this way will forward user traffic based on IP range and port.

Layer 7 Load Balancing

Using layer 7 allows the load balancer to forward requests to different backend servers based on the content of the user's request.

Load Balancing Algorithms


Round Robin selects servers in turns. This is the default algorithm.


Selects the server with the least number of connections–it is recommended for longer sessions. Servers in the same backend are also rotated in a round-robin fashion.


This selects which server to use based on a hash of the source IP i.e. your user's IP address. This is one method to ensure that a user will connect to the same server.

Sticky Sessions

Some applications require that a user continues to connect to the same backend server. This persistence is achieved through sticky sessions, using the appsession parameter in the backend that requires it.

Health Check

The default health check is to try to establish a TCP connection to the server i.e. it checks if the backend server is listening on the configured IP address and port.

For certain types of backends, like database servers in certain situations, the default health check is insufficient to determine whether a server is still healthy.


Further Reading

Search Blog: