Hi guys,
A colleague just found an issue last night, where this acl:
acl is_kk-dk hdr_end(host) -i kkdk3.testkkdk.kk.dk hdr(host) -i
readonly.kk.dk hdr(host) -i readonly.testkkdk.kk.dk hdr(host) -i
www.testkkdk.kk.dk hdr(host) -i kktest.kk.dk hdr(host) -i www.kk.dk
hdr(host) -i kk.dk
matches hosts like hest.kk.dk :(
He changed the first: hdr_end(host) to just hdr(host) - and it worked as
it should..
it seems if you use hdr_end on first match- that is used on the rest
even though it shouldn't ?
We're running haproxy 1.5.11 on those boxes.
--
Regards,
Klavs Klavsen, GSEC - k...@vsen.dk - http://www.vsen.dk - Tlf. 61281200
"Those who do not understand Unix are condemned to reinvent it, poorly."
--Henry Spencer
