Hi Steven, Interesting case.
I would say you could set gpc0 value, but unfortunately, there is currently no way to set its value. You can only increase it using sc0_inc_gpc0. My purpose would to use gpc0 as a flag. So the best way for you for now is to use multiple backends. (You already might know, but you can track health checking from one backend to an other one, to avoid sending too many health checks to a single server). By the way, rspadd will be deprecated in favor of http-response. Baptiste On Wed, Jul 10, 2013 at 6:44 PM, Steven Le Roux <[email protected]> wrote: > Hi all (first message on list :) ), > > In the process of migrating from httpd to haproxy for a reverse proxy > purpose, I'm facing a dilemma about how to set a response header according > to request URI. > > I explain : > > There are four file types that I want to handle : > > statics : *.js *.css *.png *.txt ... > static_ : *.cache.* > nocache : *.nocache.* > others... > > So I've set up some ACLs like this : > > acl p-url_statics path_end -i .html .htm .phpt > acl p-url_statics path_end -i .jpg .jpeg .gif .png .bmp .tif .tiff .eps > .ai .nef .ico .swf > acl p-url_statics path_end -i .css .js > acl p-url_statics path_end -i .txt .sql .csv .log > ... > acl p-url_static_ path_sub -i _static_ .cache. > acl p-url_private path_sub -i _private_ > acl p-nocache path_sub -i .nocache. > > I know I can't directly rspadd based on those ACLs, so I use a stick-table > with tcp-request inspection : > > tcp-request content track-sc0 always_true if p-url_statics !p-nocache > !p-url_static_ > tcp-request content track-sc1 always_true if p-url_static_ !p-nocache > tcp-request content track-sc2 always_true if p-nocache > > This way I can : > > http-response set-header Cache-Control no-store,no-cache > http-response set-header Cache-Control > no-cache="Set-Cookie,Set-Cookie2",max-age=604800 if { sc0_tracked } > http-response set-header Cache-Control > no-cache="Set-Cookie,Set-Cookie2",max-age=31536000 if { sc1_tracked } > http-response set-header Cache-Control > no-store,no-cache,max-age=0,must-revalidate if { sc2_tracked } > > The problem here is I need to use the option httpclose/forceclose to break > "Connection: keepalive" establishment provided by client browsers, so it's > potentially slowing down L4 exchanges, needing new handshakes... and forbid > tcp reuse from the L4 load balancer. > > The other problem is that I don't have any other sticky counter available to > match request ACLs with response header manipulation like : > > acl h-origin-X-Y hdr(Origin) -i @url@ > rspadd Access-Control-Allow-Origin: @url@ if h-origin-X-Y h-host-X > > > The other way I'm considering, is to multiple backends for each of my > vhosts... which seem not the best option since I have multiple of them... > but it's possible to decline like this : > > bk_@backendID@ > ... > bk_@backendID@_statics > ... > bk_@backendID@_static_ > ... > bk_@backendID@_nocache > ... > > with the same configuration (options, health-check, servers, cookie > management,...) but specific "rspadd Cache-Control"... > > Backends with static handling could be free of cookie/stick-table handling > anyway. > > I fear it will create a useless health checks noise... since it will be > driven by backend... > > Many backends for just adding a header seem overkill to me because I have > already 6000 backends for 20 frontends and an haproxy.conf sizing 5MB which > takes few seconds to be loaded. > > Does someone have a best pratice to deal with this dilemma ? Is there any > other way to go that I missed ? > > Thx ! > > Regards, > > -- > Steven Le Roux > Jabber-ID : [email protected] > 0x39494CCB <[email protected]> > 2FF7 226B 552E 4709 03F0 6281 72D7 A010 3949 4CCB
