Hi Q.Xie,
please check the documentation [1]. hdr(host) only looks at the host
header of your request, ie. only "test.xxx.com" from your example
"test.xxx.com/<abc>"
You can get the "<abc>" part by looking at path [2]. So you are looking
for something like
acl my_acl path "<abc>"
[1] http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#req.hdr
[2] http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#path
On 11.12.2016 02:08, Qingshan Xie wrote:
Hello Team,
I got 3 redirection cases as below,
From URL Target URL
test => A.xxx.com
test.xxx.com => B.xxx.com
test.xxx.com/<abc> => C.xxx.com
I configured them by using "*acl <name> hdr(host) -m str <From URL>*".
It works for the 1st two cases, but the 3rd one is hijacked by the 2nd.
I think the reason is because I used hdr(host), it only check the
pattern of the domain not the content or URI included. what is the best
way to configure ACLs to avoid this type of hijacking in above 3 cases?
Please help.
Many Thanks,
Q.Xie
