Whether I have the rules in the backend or the front does not seem to make a
difference - I tried some rules in front and back and neither worked.
Maybe I am missing something obvious.
Thanks.
Example with config:
[haproxy]# wget -S -O - http://10.1.1.251:82/blank.gif
--2011-09-08 19:00:59-- http://10.1.1.251:82/blank.gif
Connecting to 10.1.1.251:82... connected.
HTTP request sent, awaiting response... T 10.1.1.251:12427 -> 10.1.1.251:82 [AP]
GET /blank.gif HTTP/1.0..User-Agent: Wget/1.12 (linux-gnu)..Accept:
*/*..Host: 10.1.1.251:82..Connection: Keep-Alive....
HTTP/1.0 200 OK
Server: thttpd
Content-Type: image/gif
Date: Fri, 09 Sep 2011 02:00:59 GMT
Last-Modified: Wed, 07 Sep 2011 17:17:06 GMT
Accept-Ranges: bytes
Content-Length: 43
X-nohdrsub: 1 <==== the only rsp hdr added is the negation of a hdr* acl
Connection: keep-alive
Length: 43 [image/gif]
Saving to: “STDOUT”
2011-09-08 19:00:59 (8.57 MB/s) - written to stdout [43/43]
config file:
defaults
# option splice-auto
option tcp-smart-connect
option http-server-close
timeout queue 27s
timeout http-request 5s
timeout client 33s
timeout connect 8s
timeout server 33s
timeout http-keep-alive 77s
timeout tarpit 190s
global
node hdr_cnt
description hdr_cnt
log localhost local1
# log localhost local1 err
maxconn 32768
uid 99
gid 99
chroot /var/empty
pidfile /var/run/haproxy.pid
stats socket /tmp/hap.sock
daemon
quiet
spread-checks 6
frontend hdr_cnt
bind 10.0.1.251:82
bind 10.0.1.252:82
bind 10.0.1.253:82
mode http
log global
option httplog
option http-server-close
option log-separate-errors
maxconn 32768
capture request header Host len 32
capture request header User-Agent len 256
capture request header Content-Length len 10
capture request header Referer len 384
capture request header Via len 64
capture request header Cookie len 128
capture response header Content-Length len 10
default_backend www
backend www
mode http
balance roundrobin
server www1 127.0.0.1:81 maxconn 10
option http-server-close
acl hashosthdr_via_hdrcntge1 hdr_cnt(Host) ge 1
acl hashosthdr_via_hdrcntlt9 hdr_cnt(Host) lt 9
acl hashosthdr_via_hdrsub hdr_sub(host) -i 10.1
acl hasuahdr_via_hdrcntge1 hdr_cnt(User-Agent) ge 1
acl hasuahdr_via_hdrcnt1 hdr_cnt(User-Agent) 1
rspadd X-gothdrcntge1:\ 1 if hashosthdr_via_hdrcntge1
rspadd X-gothdrcntlt9:\ 1 if hashosthdr_via_hdrcntlt9
rspadd X-gothdrsub:\ 1 if hashosthdr_via_hdrsub
rspadd X-nohdrsub:\ 1 if !hashosthdr_via_hdrsub
rspadd X-gotuahdrcntge1:\ 1 if hasuahdr_via_hdrcntge1
rspadd X-gotuahdrcnt1:\ 1 if hasuahdr_via_hdrcnt1
On 9/8/11 6:49 AM, Baptiste wrote:
hi,
where are you doing your ACLs?
Frontend or backend?
cheers
On Thu, Sep 8, 2011 at 3:06 PM, Hank A. Paulson
<h...@spamproof.nospammail.net> wrote:
does hdr_cnt not work or am I just completely unable to get an example that
works? I can't imagine it doesn't work but I have tried _many_ - some
examples and nothing seems to work (maybe it is 40+ hrs):
acl hdrcnttest hdr_cnt gt 0
reqadd x-has-host:\ YES if hdrcnttest
acl hdrcnttest hdr_cnt(host) gt 0
reqadd x-has-host:\ YES if hdrcnttest
acl hdrcnttest hdr_cnt(Host) gt 0
reqadd x-has-host:\ YES if hdrcnttest
acl hdrcnttest hdr_cnt(Host) 1
reqadd x-has-host:\ YES if hdrcnttest
reqadd x-has-host:\ YES if { hdr_cnt(Host) gt 0 }
reqadd x-has-host:\ YES if { hdr_cnt(Host:) gt 0 }
Nothing seems to work, I tried 1.4.15, 1.4.17 and I recompiled 1.4.17
without any options at all for make except linux26
Other acl criteria seem to work as normal, just hdr_cnt...
Thanks.