Hi,

First, you must not escape the comma character.

The fetch method "hdr" splits a multi-value header before the pattern
matching operation. A "user-agent" header containing a comma is
processed like two headers:

   Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML

and

   like Gecko) Chrome/32.0.1700.76 Safari/537.36

If you want to apply an ACL on the full value of the header, you must use
"req.fhdr" ('f' like 'full'). The following configuration runs as expected:

   acl ACL2 req.fhdr(User-Agent) -m str Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML,\ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
   reqadd ACLexact:\ 2 if ACL2

   acl ACL21 req.fhdr(User-Agent) -m beg Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML
   reqadd ACLbeg:\ 1 if ACL21
   acl ACL22 req.fhdr(User-Agent) -m beg Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML,
   reqadd ACLbeg:\ 2 if ACL22

   acl ACL31 req.fhdr(User-Agent) -m end like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
   reqadd ACLend:\ 1 if ACL31
   acl ACL32 req.fhdr(User-Agent) -m end \ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
   reqadd ACLend:\ 2 if ACL32
   acl ACL33 req.fhdr(User-Agent) -m end ,\ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
   reqadd ACLend:\ 3 if ACL33


Thierry


On Thu, 16 Jan 2014 20:54:50 +0100
PiBa-NL <[email protected]> wrote:

> Hi,
> 
> Using HAProxy 1.5-dev21 I'm having trouble getting it to match my 
> user-agent with an acl that uses -m pattern matching..
> 
> The browser is Chrome 31.0.1650.63 which sends useragent string:
> 
> Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36
> 
> My test ACLs, of which only ACL21 and ACL31 are matched with the result 
> below:
> *ACLexact*= A
> *ACLbeg*= B, 1
> *ACLend*= C, 1
> 
> I would expect at least 2 of the ACLbeg acls and ACL2 to also be matched; 
> also, I don't understand why ACL32 is not matched, as the leading space 
> seems to be correctly escaped?
> 
> The acl's used/tried..:
> 
> reqadd ACLexact:\ A
> reqadd ACLbeg:\ B
> reqadd ACLend:\ C
> acl ACL1 hdr(User-Agent) Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML\,\ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
> reqadd ACLexact:\ 1 if ACL1
> acl ACL2 hdr(User-Agent) -m str Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML\,\ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
> reqadd ACLexact:\ 2 if ACL2
> 
> acl ACL21 hdr(User-Agent) -m beg Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML
> reqadd ACLbeg:\ 1 if ACL21
> acl ACL22 hdr(User-Agent) -m beg Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML,
> reqadd ACLbeg:\ 2 if ACL22
> acl ACL23 hdr(User-Agent) -m beg Mozilla/5.0\ (Windows\ NT\ 6.1;\ WOW64)\ AppleWebKit/537.36\ (KHTML\,
> reqadd ACLbeg:\ 3 if ACL23
> 
> acl ACL31 hdr(User-Agent) -m end like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
> reqadd ACLend:\ 1 if ACL31
> acl ACL32 hdr(User-Agent) -m end \ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
> reqadd ACLend:\ 2 if ACL32
> acl ACL33 hdr(User-Agent) -m end ,\ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
> reqadd ACLend:\ 3 if ACL33
> acl ACL34 hdr(User-Agent) -m end \,\ like\ Gecko)\ Chrome/32.0.1700.76\ Safari/537.36
> reqadd ACLend:\ 4 if ACL34
> 
> 
> HAPROXY Version used:
> HA-Proxy version 1.5-dev21-6b07bf7 +2013/12/17
> Copyright 2000-2013 Willy Tarreau <[email protected]>
> Build options :
>    TARGET  = freebsd
>    CPU     = generic
>    CC      = cc
>    CFLAGS  = -O2 -pipe -fno-strict-aliasing -DFREEBSD_PORTS
>    OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_OPENSSL=1 USE_STATIC_PCRE=1
> 
> Did I do something wrong, or can you give it a test? Thanks.
> 
> Thanks for the great product!
> Greets PiBa-NL
> 
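
The split described in the reply above, as a small Python model (an added example, not part of the original thread and not HAProxy's code). The helper names are hypothetical, and trimming whitespace around each split value is an assumption that agrees with the results reported in the thread; quoted strings inside header values are not modeled.

```python
# Simplified model (added example, not HAProxy source code) of how the
# "hdr" and "req.fhdr" fetches hand header values to an ACL matcher.

UA = ("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/32.0.1700.76 Safari/537.36")

def hdr_values(raw):
    """'hdr': every comma starts a new value. Trimming the whitespace around
    each value is an assumption, consistent with ACL32 not matching."""
    return [part.strip() for part in raw.split(",")]

def fhdr_values(raw):
    """'req.fhdr': the full header line is a single value."""
    return [raw.strip()]

MATCHERS = {
    "str": lambda value, pat: value == pat,
    "beg": lambda value, pat: value.startswith(pat),
    "end": lambda value, pat: value.endswith(pat),
}

# Patterns from the thread, with the config's "\ " escapes written as spaces.
HEAD = "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML"
TAIL = "like Gecko) Chrome/32.0.1700.76 Safari/537.36"
ACLS = {
    "ACL2": ("str", UA),
    "ACL21": ("beg", HEAD),
    "ACL22": ("beg", HEAD + ","),
    "ACL31": ("end", TAIL),
    "ACL32": ("end", " " + TAIL),
    "ACL33": ("end", ", " + TAIL),
}

def matched(fetch, raw):
    """Names of the ACLs for which at least one fetched value matches."""
    values = fetch(raw)
    return sorted(name for name, (method, pat) in ACLS.items()
                  if any(MATCHERS[method](v, pat) for v in values))

if __name__ == "__main__":
    print("hdr :", matched(hdr_values, UA))
    print("fhdr:", matched(fhdr_values, UA))
```

With "hdr" only the patterns that fit inside one comma-separated piece can match, which is why a User-Agent rule written against the full string silently never fires.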
