Hello,
I have been testing the connection tracking in the frontend based on headers,
but it only work if the "if HTTP" option is set:
tcp-request inspect-delay 10s
tcp-request content track-sc0 hdr(x-forwarded-for,-1) if HTTP
Without this option, the table doesn't fill, the connections aren't tracked.
As is shown in the documentation, with tcp-request is possible to match layer 7
conditions, but i don't know why is neccesary the "if HTTP" condition.
This is a sample testing code:
global
maxconn 1000
log 127.0.0.1 local5 info err
stats socket /var/run/haproxy.sock mode 0600 level admin
pidfile /var/run/haproxy.pid
defaults
mode http
log global
retries 3
option redispatch
timeout contimeout 5000
timeout client 5000
timeout srvtimeout 5000
listen proxy-http *:80
mode http
option httplog
stats enable
option http-server-close
balance roundrobin
capture request header x-forwarded-for len 15
stick-table type ip size 200k expire 60m store gpc0
tcp-request inspect-delay 10s
tcp-request content track-sc0 hdr_ip(x-forwarded-for,1) if HTTP
http-request deny if { sc1_get_gpc0 eq 0 }
The version is HA-Proxy 1.5-dev19 2013/06/17
Thanks,
RicardoF
