We have various services that expose internal errors I am trying to masquerade with haproxy.
The only keyword I can find that can look at the result at all is rspdeny. The documentation says "It is easier, faster and more powerful to use ACLs to write access policies. Rspdeny should be avoided in new designs." But is there any way to block responses without using rspdeny? Next issue: rspdeny is not able to look at the URL: acl is-gif path_end .gif acl is-internal-error status ge 500 rspdeny . if is-gif is-internal-error [WARNING] 262/123207 (2466) : parsing [haproxy.cfg:123] : acl 'is-gif' involves some volatile request-only criteria which will be ignored. I can split into separate backends depending on the URL, but then it starts getting complicated with setting proper maxconn values etc, so I'd rather avoid that. Is there a better way? - Finn Arne