Sorry, just realized:
src_is_local won't work when using the proxy protocol.
The proxy protocol will preserve the initial source information.

You can probably use dst_port like this instead:

acl secure dst_port 443
xxxx if secure

On Mon, Dec 26, 2016 at 11:09 PM, Elias Abacioglu <
elias.abacio...@deltaprojects.com> wrote:

> Perhaps you could use src_is_local.
>
> Something like this
>
> frontend web_plain
> ....
> acl is_local src_is_local
> http-response add-header X-External-Protocol https if is_local
>
>
> /Elias
>
> On Fri, Dec 23, 2016 at 3:28 PM, Arnall <arnall2...@gmail.com> wrote:
>
>> Hi everyone,
>>
>> I'm using an nbproc > 1 configuration for SSL offloading:
>>
>> listen web_tls
>>     mode http
>>     bind *:443 ssl crt whatever.pem process 2
>>     bind *:443 ssl crt whatever.pem process 3
>>
>> ../..
>>     server web_plain u...@plain.sock send-proxy-v2-ssl
>>
>> frontend web_plain
>>     bind    *:80 process 1
>>     bind     u...@plain.sock process 1 accept-proxy
>>
>> ../..
>>
>> And I'm looking for a secure solution in the web_plain frontend to know
>> if the request comes from web_tls or not (in fact I want to know if the
>> connection was initially made via SSL/TLS transport).
>>
>> I thought that send-proxy-v2-ssl could help but I have no idea how ... src
>> and src_port are OK with the proxy protocol but ssl_fc in web_plain keeps
>> answering false (0) even when the request comes from web_tls.
>>
>> I could set and forward a secret header set in web_tls but I don't like
>> the idea ... (have to change the header each time a sysadmin leaves the
>> enterprise...)
>>
>> Thanks.
>>
>>
>>
>>
>
