Hi,

for me works now following acl

frontend ssl-to-http
    bind IP:443 ssl crt CERTIFICATE....
    bind IP:80
    mode http
    option httpclose
    reqidel ^X-Forwarded-For:.*
    option forwardfor
    acl ssl ssl_fc
    reqadd X-Forwarded-Proto:\ https  if ssl
    reqadd X-Forwarded-Proto:\ http unless ssl
    default_backend default

Wolfgang

-----Ursprüngliche Nachricht-----
Von: Wolfgang Routschka [mailto:wolfgang.routsc...@drumedar.de] 
Gesendet: Freitag, 10. Mai 2013 11:21
An: haproxy@formilux.org
Betreff: pre-define ACLs for header rule

Hi,

today a question about pre defined acl for additional header that not works for 
me.

frontend ssl-to-http
    bind IP:443 ssl crt CERTIFICATE....
    bind IP:80
    mode http
    option httpclose
    reqidel ^X-Forwarded-For:.*
    option forwardfor
    reqadd X-Forwarded-Proto:\ https unless HTTP
    reqadd X-Forwarded-Proto:\ http if HTTP
    default_backend default

HTTP is a pre-defined acl 
(http://haproxy.org/download/1.5/doc/configuration.txt  Part7.6 pre-defined 
ACLs)

 http://ip = HTTP_X_FORWARDED_PROTO' => 'http'
 https://IP = HTTP_X_FORWARDED_PROTO' => 'http' too but thats not correct for 
my acl configuration.

a new acl works correct

frontend ssl-to-http
    bind IP:443 ssl crt CERTIFICATE....
    bind IP:80
    mode http
    option httpclose
    reqidel ^X-Forwarded-For:.*
    option forwardfor
    acl ssl dst_port 443
    reqadd X-Forwarded-Proto:\ https if ssl
    reqadd X-Forwarded-Proto:\ http unless ssl
    default_backend default

I want to use a "standard-variable" for checking SSL or not. If SSL not over 
port 443 my check fails so I wanted to use ACL HTTP for checking.

A other check is "ssl_fc" but I doesn´t know how can I configure "ssl_fc" with 
acl or another option to checking if SSL or not.

regards

Wolfgang 





Reply via email to