Hi,

Thanks for your answer, didn't know the src_is_local feature as it's a 1.7 feature, we're still on 1.6.

The dst_port seems OK to me, will use it!

Happy new year!

On 27/12/2016 at 08:29, Elias Abacioglu wrote:
Sorry just realized,
src_is_local won't work when using proxy protocol.
Proxy protocol will preserve initial source information.

You can probably use dst_port like this instead:

acl secure dst_port 443
xxxx if secure

On Mon, Dec 26, 2016 at 11:09 PM, Elias Abacioglu <elias.abacio...@deltaprojects.com> wrote:

    Perhaps you could use src_is_local.

    Something like this

    frontend web_plain
    ....
    acl is_local src_is_local
    http-response add-header X-External-Protocol https if is_local


    /Elias

    On Fri, Dec 23, 2016 at 3:28 PM, Arnall <arnall2...@gmail.com> wrote:

        Hi everyone,

        I'm using an nbproc > 1 configuration for SSL offloading:

        listen web_tls
            mode http
            bind *:443 ssl crt whatever.pem process 2
            bind *:443 ssl crt whatever.pem process 3

        ../..
            server web_plain u...@plain.sock send-proxy-v2-ssl

        frontend web_plain
            bind    *:80 process 1
            bind     u...@plain.sock process 1 accept-proxy

        ../..

        And I'm looking for a secure solution in the web_plain
        frontend to know if the request comes from web_tls or not (in
        fact I want to know if the connection was initially made via
        SSL/TLS transport).

        I thought that send-proxy-v2-ssl could help but I have no idea
        how ... src and src_port are OK with the proxy protocol but
        ssl_fc in web_plain keeps answering false (0) even when the
        request comes from web_tls.

        I could set and forward a secret header set in web_tls but I
        don't like the idea ... (have to change the header each time
        a sysadmin leaves the enterprise...)

        Thanks.





