Hi, for me works now following acl
frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE.... bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor acl ssl ssl_fc reqadd X-Forwarded-Proto:\ https if ssl reqadd X-Forwarded-Proto:\ http unless ssl default_backend default Wolfgang -----Ursprüngliche Nachricht----- Von: Wolfgang Routschka [mailto:wolfgang.routsc...@drumedar.de] Gesendet: Freitag, 10. Mai 2013 11:21 An: haproxy@formilux.org Betreff: pre-define ACLs for header rule Hi, today a question about pre defined acl for additional header that not works for me. frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE.... bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor reqadd X-Forwarded-Proto:\ https unless HTTP reqadd X-Forwarded-Proto:\ http if HTTP default_backend default HTTP is a pre-defined acl (http://haproxy.org/download/1.5/doc/configuration.txt Part7.6 pre-defined ACLs) http://ip = HTTP_X_FORWARDED_PROTO' => 'http' https://IP = HTTP_X_FORWARDED_PROTO' => 'http' too but thats not correct for my acl configuration. a new acl works correct frontend ssl-to-http bind IP:443 ssl crt CERTIFICATE.... bind IP:80 mode http option httpclose reqidel ^X-Forwarded-For:.* option forwardfor acl ssl dst_port 443 reqadd X-Forwarded-Proto:\ https if ssl reqadd X-Forwarded-Proto:\ http unless ssl default_backend default I want to use a "standard-variable" for checking SSL or not. If SSL not over port 443 my check fails so I wanted to use ACL HTTP for checking. A other check is "ssl_fc" but I doesn´t know how can I configure "ssl_fc" with acl or another option to checking if SSL or not. regards Wolfgang