Hello,

On 21.08.2017 at 09:48, Andrzej Sobociński wrote:
> Hey,
>
> I found a bug in haproxy 1.7, also not working in ver 1.6
>
> The condition does not work properly in option http-response
>
> Can you fix that? Thx
>
> CFG:
>
> frontend https-secure.pl
>   acl is_domain hdr(host) -i secure.pl
>   http-response set-header Content-Security-Policy "default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self';" if is_domain

And you get a big fat warning at startup that this configuration won't work:

[WARNING] 232/201804 (11045) : parsing [../cert/haproxy.cfg:51] : acl 'is_domain' will never match because it only involves keywords that are incompatible with 'frontend http-response header rule'


I'd recommend saving the host header to a txn variable and matching it:

frontend https-secure.pl
 http-request set-var(txn.host) hdr(host)
 acl is_domain var(txn.host) -i secure.pl
 http-response set-header Content-Security-Policy "default-src https: 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self'; img-src 'self' data:; style-src 'self' 'unsafe-inline'; font-src 'self';" if is_domain



cheers,
lukas
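
Added example (not part of the original message and not HAProxy project code): because the startup warning above means the Content-Security-Policy rule is silently skipped, a deployment check can fail whenever HAProxy's config-check output contains a "will never match" ACL warning. The function names, the config path in the usage comment and the second sample warning are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the thread. Usage (assumed config path):
#   haproxy -c -f /etc/haproxy/haproxy.cfg 2>&1 | check_haproxy_output

# Print "file:line acl-name" for every "will never match" warning on stdin.
find_dead_acls() {
    awk '
        { buf = buf " " $0 }    # re-join messages wrapped across lines
        END {
            n = split(buf, msg, /\[(WARNING|ALERT|NOTICE)\]/)
            for (i = 2; i <= n; i++) {
                m = msg[i]
                gsub(/[ \t]+/, " ", m)
                if (m !~ /will never match/) continue
                loc = "?"; acl = "?"
                if (match(m, /parsing \[[^]]+\]/))
                    loc = substr(m, RSTART + 9, RLENGTH - 10)
                if (match(m, /acl \047[^\047]+\047/))
                    acl = substr(m, RSTART + 5, RLENGTH - 6)
                print loc, acl
            }
        }'
}

# Return 1 (and report on stderr) if any rule is guarded by a dead ACL.
check_haproxy_output() {
    dead=$(find_dead_acls)
    if [ -n "$dead" ]; then
        printf 'rules disabled by ACLs that never match:\n%s\n' "$dead" >&2
        return 1
    fi
    return 0
}

# Sample input: the first warning is the one quoted in this thread (wrapped
# as in the mail); the second is constructed to show unrelated warnings pass.
SAMPLE_OUTPUT="[WARNING] 232/201804 (11045) : parsing [../cert/haproxy.cfg:51] : acl
'is_domain' will never match because it only involves keywords that are
incompatible with 'frontend http-response header rule'
[WARNING] 232/201804 (11045) : config : missing timeouts for frontend 'https-secure.pl'."

printf '%s\n' "$SAMPLE_OUTPUT" | find_dead_acls
```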

