Hi,
I just updated my haproxy to the current HEAD
(08289f12f9a13ea06cf4a16a1211e82e003af218).
I now have acl issues: the hdr_dom matching seems to be ignored. This
was working perfectly fine with the previous build I used
(1bc4aab2902d732530ccbd098d30e519aab3abdd)
The configuration is quite simple and basic here. See attached.
I should see the stats page from https://haproxy.xwing.info/, but... not
anymore with this new build, and the request is passed to the backend.
Did I miss something?
Note: I have not yet started to bisect. I will do it later if it helps.
Thanks!
--
Guillaume Castagnino
[email protected] / [email protected]

global
    log 127.0.0.1 local0
    maxconn 2000
    user haproxy
    group haproxy
    daemon
    stats socket /var/run/haproxy.sock level admin mode 600
    stats timeout 1d
    #debug
    #quiet

defaults
    log global
    option dontlognull
    retries 3
    option redispatch
    option splice-auto
    maxconn 2000
    timeout connect 3s
    timeout client 5s
    timeout server 60s
    timeout queue 30s
    timeout tarpit 30s
    timeout http-request 3s

############
# Backends #
############

# all the vhosts are here
backend back-http
    balance roundrobin
    mode http
    option http-server-close
    option abortonclose
    option forwardfor header X-Client
    option httpchk HEAD /server-status HTTP/1.0
    cookie SERVERID insert nocache indirect
    server coruscant 127.0.0.1:8080 maxconn 100 cookie pool1 check inter 5000 rise 2 fall 2

# dev debian virtual machine
backend back-dev-debian
    balance roundrobin
    mode http
    option http-server-close
    option abortonclose
    option forwardfor header X-Client
    option httpchk HEAD / HTTP/1.0
    cookie SERVERID insert nocache indirect
    server dev-debian dev.castagnino.org:80 maxconn 50 cookie pool1 check inter 5000 rise 2 fall 2

backend back-stats
    mode http
    stats uri /
    stats auth XXXX:YYYY

#############
# Frontends #
#############

# the plain http frontend. Do content switching between dev backend and redirector backend
frontend front-webapp
    bind :::80
    mode http
    option httplog
    acl dev-debian-vhost hdr_dom(Host) -i dev.castagnino.org www.pirouette-et-compagnie.com fif-dev prestashop
    # ssl upgrade
    redirect scheme https code 301 unless dev-debian-vhost
    # switch backend
    use_backend back-dev-debian if dev-debian-vhost

# the https frontend
frontend front-webapp-ssl
    bind :::443 ssl crt /etc/ssl/startssl/haproxy/xwing.info.pem crt /etc/ssl/startssl/haproxy/ ecdhe prime256v1 ciphers ECDHE-RSA-AES128-SHA256:AES128-GCM-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH
    mode http
    option httplog
    acl front-webapp-dead nbsrv(back-http) eq 0
    acl stats-vhost hdr_dom(Host) -i haproxy.xwing.info
    monitor-uri /status
    monitor fail if front-webapp-dead
    # prevent clickjacking
    rspadd X-Frame-Options:\ SAMEORIGIN
    # full https => do STS
    rspadd Strict-Transport-Security:\ max-age=31536000
    # switch backend
    use_backend back-stats if stats-vhost
    default_backend back-http

# vim: ft=haproxy