Hi,

On Thu, Mar 16, Devendra Joshi wrote:
> acl main_site req.hdr(Host) -i  http://www.abc.com <http://oms.abc.com/>

Host headers don't usually have http:// (or https://) (or did the email
mailer add the http://?).
Usually I use hdr_dom(Host) -i www.abc.com

> http-response add-header X-Frame-Options ALLOW-FROM\ http://oms.naaptol.com
> if main_site
> http-response add-header X-Frame-Options SAMEORIGIN if ! main_site
> 
> I got some error :
> 
> [WARNING] 074/135257 (35900) : parsing [/opt/haproxy-ssl/haproxy.cfg:42] :
> acl 'main_site' will never match because it only involves keywords that are
> incompatible with 'backend http-response header rule'
> [WARNING] 074/135257 (35900) : parsing [/opt/haproxy-ssl/haproxy.cfg:43] :
> acl 'main_site' will never match because it only involves keywords that are
> incompatible with 'backend http-response header rule'

> > (but AFAIK the request acl won't work on http-response rule).

With haproxy 1.5.x you might need to use different backends. Something
like:
frontend test
        acl main_site hdr_dom(Host) -i www.abc.com
        use_backend BE_mainsite if main_site
        default_backend BE_nomain

backend BE_mainsite
        ...
        http-response add-header X-Frame-Options ALLOW-FROM\ http://oms.naaptol.com
        server s1 ip.add.re.ss:port ...
        server s2 ip2.add.re.ss:port ...
        ...

backend BE_nomain
        ...
        http-response add-header X-Frame-Options SAMEORIGIN
        server s1 ip.add.re.ss:port track BE_mainsite/s1 ...
        server s2 ip2.add.re.ss:port track BE_mainsite/s2 ...

With haproxy 1.6/1.7 you could use captures or variables:
http://blog.haproxy.com/2015/10/14/whats-new-in-haproxy-1-6/

So something like:
frontend test
        declare capture request len 64
        http-request capture req.hdr(Host) id 0
        ...

backend bename
        acl main_site capture.req.hdr(0) -i www.abc.com
        http-response add-header X-Frame-Options ALLOW-FROM\ http://oms.naaptol.com if main_site
        http-response add-header X-Frame-Options SAMEORIGIN if ! main_site

(These examples are from the top of my head, so they probably won't work as
is ...)

-Jarno

-- 
Jarno Huuskonen

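The message mentions variables as the other 1.6/1.7 option but only shows captures. The configuration below is an added example, not part of the original message, showing the variable form. The variable name txn.host, the bind port, the server address (a documentation placeholder) and the Content-Security-Policy lines are assumptions made here; the host names and backend name are the ones used in the thread.

```haproxy
frontend test
        mode http
        bind :80
        # Request header fetches cannot be used in http-response rules
        # (the cause of the "will never match" warning), so the Host value
        # is saved in a transaction-scoped variable while the request is
        # still available. txn.host is a name chosen for this example.
        # lower and field(1,:) normalise case and drop any :port suffix.
        http-request set-var(txn.host) req.hdr(Host),lower,field(1,:)
        default_backend bename

backend bename
        mode http
        # The variable is still readable when the response is processed.
        acl main_site var(txn.host) -m str www.abc.com

        # set-header replaces any X-Frame-Options the application already
        # sent, so the browser never sees two conflicting values.
        http-response set-header X-Frame-Options ALLOW-FROM\ http://oms.naaptol.com if main_site
        http-response set-header X-Frame-Options SAMEORIGIN if ! main_site

        # Added here, not in the thread: current browsers do not honour
        # ALLOW-FROM, so the same policy is also sent as CSP frame-ancestors.
        # add-header is used so an application-supplied CSP is kept; multiple
        # CSP headers are combined and the most restrictive result applies.
        http-response add-header Content-Security-Policy "frame-ancestors http://oms.naaptol.com" if main_site
        http-response add-header Content-Security-Policy "frame-ancestors 'self'" if ! main_site

        # Placeholder address from the documentation range.
        server s1 192.0.2.10:80
```

Running `haproxy -c -f` on the file checks that it parses, and `curl -sI -H 'Host: www.abc.com'` against the frontend shows which header set a given Host value receives.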