Am 10-04-2017 10:55, schrieb Alexander Lebedev:
Hello!
I want to implement CSRF check with haproxy.
I want to check cookie value matched the header value and deny request
if they're didn't equal.
Something like this:
alc token_valid req.cook(token) %[req.hdr(token)]
http-request deny unless token_valid
and when you add -m does this helps?
acl token_valid req.cook(token) -m %[req.hdr(token)]
or
acl token_valid %[req.hdr(token)] -m req.cook(token)
from
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.1.3
Btw.: what's the output of
haproxy -vv
But I can't find the way to perform this check.
Is it really impossible?
Alexander Lebedev
Regards
aleks