We have various services that expose internal errors I am trying to
masquerade with haproxy.
The only keyword I can find that can look at the result at all is
rspdeny. The documentation says
"It is easier, faster and more powerful to use ACLs to write access
policies. Rspdeny should be avoided in new designs."
But is there any way to block responses without using rspdeny?
Next issue: rspdeny is not able to look at the URL:
acl is-gif path_end .gif
acl is-internal-error status ge 500
rspdeny . if is-gif is-internal-error
[WARNING] 262/123207 (2466) : parsing [haproxy.cfg:123] : acl 'is-gif' involves
some volatile request-only criteria which will be ignored.
I can split into separate backends depending on the URL, but then it
starts getting complicated with setting proper maxconn values etc, so
I'd rather avoid that. Is there a better way?
- Finn Arne
