Hi Julien,

With HAProxy 1.5, you can change the log severity using http-request rules:

  http-request set-log-level notice if request-too-big

Then you can easily divert notice logs into a dedicated file in your syslog server.

My 2 cents.

Baptiste

On Thu, Mar 13, 2014 at 4:23 AM, Julien Vehent <[email protected]> wrote:
> On 2014-03-12 15:02, Julien Vehent wrote:
>>
>> Hi everyone,
>>
>> Is there a way to log the activity of an ACL?
>> I tried to use a header insertion using reqadd, and then log that
>> header, but it doesn't work.
>>
>> # match content-length larger than 500kB
>> acl request-too-big hdr_val(content-length) gt 500000
>> reqadd X-Haproxy-ACL:\ request-too-big if METH_POST request-too-big
>>
>> capture request header X-Haproxy-ACL len 64
>>
>> The goal is to test a bunch of ACLs before enabling them in production.
>>
>> Any idea on how to do this?
>
>
> I found a workaround, that's kind of a hack, but it works. When the custom
> header is set, I send the request to a backend that is, in fact, another
> haproxy frontend. The header is logged then, and passed to its final
> backend. I guess I could call that "double backending" :)
>
> # ~~~ Requests validation using ACLs ~~~
> # use a custom HTTP header to store the result of HAProxy's ACLs. The
> # default value is set to `pass`, and modified by ACLs below
> http-request set-header X-Haproxy-ACL pass
>
> # block content-length larger than 5kB
> acl request-too-big hdr_val(content-length) gt 5000
> http-request set-header X-Haproxy-ACL request-too-big if METH_POST request-too-big
>
> # if previous ACL didn't pass, send to logger backend
> acl pass-acl-validation req.hdr(X-Haproxy-ACL) -m str pass
> use_backend acl-logger if !pass-acl-validation
>
>
> frontend acl-logger
>     bind localhost:55555
>
>     capture request header X-Haproxy-ACL len 64
>     capture request header X-Unique-ID len 64
>     default_backend fxa-nodejs
>
> backend acl-logger
>     server localhost localhost:55555
>
> Downside is, in the logs, I now have two log entries for each request that
> doesn't pass the ACLs. I can use the Unique ID value to cross-reference
> them. In the sample below, the first logged request indicates
> "request-too-big" in the captured headers.
>
> Mar 12 21:32:35 localhost haproxy[23755]: [23755] [1394659955.945] 2/1/0/0/1/0/0 0/0/0/4/5 ---- 127.0.0.1:48120 127.0.0.1:55555 127.0.0.1:8000 acl-logger - - "GET /v1/somethingsomething HTTP/1.1" 404 fxa-nodejs:nodejs1 "-" "{request-too-big|47B4176E:8E5E_0A977AE4:01BB_5320D273_03FF:5CCB}" "-" "" "826 bytes"
>
> Mar 12 21:32:35 localhost haproxy[23755]: [23755] [1394659955.850] 2/1/0/0/1/0/0 94/0/0/5/99 ---- 1.10.2.10:36446 10.151.122.228:443 127.0.0.1:55555 fxa-https~ ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 "GET /v1/somethingsomething HTTP/1.1" 404 acl-logger:localhost "-" "{||Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/}" "-" "" "802 bytes" 47B4176E:8E5E_0A977AE4:01BB_5320D273_03FF:5CCB
>
> - Julien
>
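The "double backending" workaround above produces two log entries per rejected request that have to be joined on the unique ID before the ACL verdict can be attributed to the real client. The script below is an added example, written for this thread and not code from Julien, Baptiste or the HAProxy project: it parses the two sample log lines quoted above (re-joined onto single lines), pulls out the captured-header block and the unique ID, and reports, per request, which ACL fired and which client and frontend the request originally came from. It assumes the loop-back frontend is still called `acl-logger`, that `X-Haproxy-ACL` is the first captured request header (both as in the quoted config), and that unique IDs have the `ci:cp_fi:fp_Ts_rt:pid` hex shape visible in the sample; the line regex is tailored to the custom log-format shown there and would need adjusting for a stock `option httplog` format.

```python
import re
from collections import defaultdict

# Constructed sample: the two log lines quoted in Julien's message, re-joined
# onto single lines (the mail client had wrapped them).
SAMPLE_LOG = [
    'Mar 12 21:32:35 localhost haproxy[23755]: [23755] [1394659955.945] '
    '2/1/0/0/1/0/0 0/0/0/4/5 ---- 127.0.0.1:48120 127.0.0.1:55555 127.0.0.1:8000 '
    'acl-logger - - "GET /v1/somethingsomething HTTP/1.1" 404 fxa-nodejs:nodejs1 '
    '"-" "{request-too-big|47B4176E:8E5E_0A977AE4:01BB_5320D273_03FF:5CCB}" "-" '
    '"" "826 bytes"',
    'Mar 12 21:32:35 localhost haproxy[23755]: [23755] [1394659955.850] '
    '2/1/0/0/1/0/0 94/0/0/5/99 ---- 1.10.2.10:36446 10.151.122.228:443 '
    '127.0.0.1:55555 fxa-https~ ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 "GET '
    '/v1/somethingsomething HTTP/1.1" 404 acl-logger:localhost "-" '
    '"{||Mozilla/5.0 (X11; Linux x86_64; rv:30.0) Gecko/20100101 Firefox/}" "-" '
    '"" "802 bytes" 47B4176E:8E5E_0A977AE4:01BB_5320D273_03FF:5CCB',
]

# Name of the loop-back frontend from the thread's config (assumption: unchanged).
ACL_LOGGER_FRONTEND = "acl-logger"

# Fields shared by both frontends' custom log-format in the sample: syslog
# header, timers, termination flags, three addresses, frontend name, two
# TLS-or-dash fields, request line, status and backend/server. Captured headers
# and trailing fields come after this and are handled separately.
LINE_RE = re.compile(
    r'^(?P<ts>\w{3} +\d+ [\d:]+) \S+ haproxy\[\d+\]: .*? '
    r'(?P<flags>[A-Za-z-]{4}) (?P<client>\S+:\d+) (?P<fe_addr>\S+:\d+) '
    r'(?P<srv_addr>\S+:\d+) (?P<frontend>\S+) \S+ \S+ '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) '
    r'(?P<backend>\S+)'
)
# First {...} block after the request line: captured request headers, '|'-separated.
CAPTURED_RE = re.compile(r'\{([^}]*)\}')
# Unique ID in the hex ci:cp_fi:fp_Ts_rt:pid shape the sample shows
# (assumption: the deployment keeps that unique-id-format).
UNIQUE_ID_RE = re.compile(
    r'\b[0-9A-F]{8}:[0-9A-F]{4}_[0-9A-F]{8}:[0-9A-F]{4}_[0-9A-F]{8}_[0-9A-F]{4}:[0-9A-F]{4}\b'
)


def parse_line(line):
    """Parse one HAProxy log line into a dict, or return None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rest = line[m.end():]
    cap = CAPTURED_RE.search(rest)
    rec["captured"] = cap.group(1).split("|") if cap else []
    # The ID sits inside the captured headers on the logger frontend and as a
    # trailing field on the originating frontend, so search the whole line.
    uid = UNIQUE_ID_RE.search(line)
    rec["unique_id"] = uid.group(0) if uid else None
    return rec


def correlate(lines):
    """Join log entries on unique ID and attribute the ACL verdict to the origin request."""
    by_id = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["unique_id"]:
            by_id[rec["unique_id"]].append(rec)
    report = {}
    for uid, recs in by_id.items():
        logger = [r for r in recs if r["frontend"] == ACL_LOGGER_FRONTEND]
        origin = [r for r in recs if r["frontend"] != ACL_LOGGER_FRONTEND]
        if logger:
            # First captured header on acl-logger is X-Haproxy-ACL, i.e. the verdict.
            verdict = logger[0]["captured"][0] or "unknown"
        else:
            # Requests that passed never reach acl-logger, so only one entry exists.
            verdict = "pass"
        report[uid] = {
            "verdict": verdict,
            "origin": origin[0] if origin else None,
            "entries": len(recs),
        }
    return report


if __name__ == "__main__":
    for uid, info in correlate(SAMPLE_LOG).items():
        o = info["origin"]
        where = f'{o["client"]} via {o["frontend"]} {o["method"]} {o["path"]}' if o else "?"
        print(f'{uid}: verdict={info["verdict"]} entries={info["entries"]} origin={where}')
```

Joining on the unique ID rather than on the timestamp matters here: both entries carry the same second, and under load several rejected requests can share it, while the ID is generated once on the public frontend and carried to `acl-logger` in `X-Unique-ID`.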

