Hello James,

On Fri, Oct 07, 2011 at 01:09:23PM -0500, James Nelson wrote:
> Hello,
>
> My original entries to the mailing list seem to have bounced back, so I'm
> trying for #3 here.

Don't worry, your mail reached the list, it's just that nobody replied to it yet.

> I have currently set up HAProxy and Openswan on an EC2 server to handle
> webservice requests to our client site. The original idea was to have all
> webservice requests be filtered by HAProxy, and then shipped appropriately
> via Openswan. The filtering was to be done by acl's and inspection of the
> URI strings. You can guess where this is headed.
>
> For our HTTP requests, this works great- no problems whatsoever. For our
> TCP requests, we can't use this level 7 mechanism- and there are multiple
> backend destinations to choose from.
>
> So, my questions are as follows:
> - Is there any way to differentiate these calls any other way in HAProxy?

There currently are very few tests that can be operated at the TCP level
using "tcp inspect" rules. The reason is that anything may pass over TCP,
there is not a common way to use it, so all depends on the format of what
you're looking for in the payload.

At one point I was planning on adding more ACL matches at the TCP level,
but first I want to make the ACL framework work on top of the pattern
framework, so that we stop doing the work twice for every new match we
implement, and that we manage to implement variables that follow a session
or a request.

> - If not, is there any way I can send these calls to HAProxy via http/80,
> and then transform them into TCP/443 requests going out?

I don't understand what you want to achieve this way. What transformation
would haproxy apply on your traffic?

> - If we're still stuck, is there any other piece of software I can combine
> with HAProxy to make this work?

Maybe, but it's hard to tell if we don't know what traffic you're passing on
TCP and what you want to match.

Regards,
Willy
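
The kind of TCP-level inspection rule discussed in the reply above, as an added example that is not part of the original mail or of either participant's configuration. It assumes a HAProxy release that provides the `req_ssl_hello_type` and `req_proto_http` ACL keywords; the frontend and backend names, the port and the 192.0.2.x addresses are constructed placeholders.

```haproxy
# Added example: route raw TCP connections by their first payload bytes,
# and drop anything that cannot be classified.
defaults
    mode tcp
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend ft_mixed
    bind :8443

    # Hold each new connection for up to 5s so that the first bytes of
    # the client payload are available to the content ACLs below.
    tcp-request inspect-delay 5s

    # TLS ClientHello (handshake message type 1) at the start of the stream.
    acl is_tls  req_ssl_hello_type 1
    # Payload that starts like an HTTP request line.
    acl is_http req_proto_http

    # Accept only traffic that was positively identified. The reject rule
    # is reached once the ACLs above have resolved or the delay expired.
    tcp-request content accept if is_tls or is_http
    tcp-request content reject

    use_backend bk_tls  if is_tls
    use_backend bk_http if is_http

backend bk_tls
    server tls1 192.0.2.10:443

backend bk_http
    server web1 192.0.2.20:80
```

Payloads that match neither test are closed rather than forwarded, so a protocol with no recognisable signature in its first bytes cannot be selected this way.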

