I have this included in the configuration:
# Filter nasty input
acl missing_cl hdr_cnt(Content-length) eq 0
acl METH_PUT method PUT
acl METH_GET method GET HEAD
acl METH_PATCH method PATCH
##acl METH_DELETE method DELETE
http-request deny if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl ||
METH_PUT missing_cl || METH_PATCH missing_cl || METH_DELETE missing_cl
http-request deny if METH_GET HTTP_CONTENT
http-request deny unless METH_GET or METH_POST or METH_OPTIONS or
METH_PATCH or METH_DELETE or METH_PUT
My colleague commented out the METH_DELETE acl.
It appears that in HAProxy 1.7 a number of acls are predefined
and we could delete the METH_PUT, METH_GET, and METH_PATCH acls also.
So is one of the http-request deny statements causing the problem?
From: Moemen MHEDHBI [mailto:[email protected]]
Sent: November-02-17 7:50 PM
To: [email protected]
Subject: Re: HTTP DELETE command failing
HAProxy is replying 403, which means that the DELETE request was explicitly
denied by your conf.
In order for us to help you, we need to have a look to your conf
++
On 02/11/2017 17:17, Norman Branitsky wrote:
In HAProxy version 1.7.5,
I see GET and POST commands working correctly but DELETE fails:
[01/Nov/2017:11:02:34.423] main_ssl~ ssl_training-01/training-01. 0/0/0/20/69
200 402587 - - ---- 6/6/0/0/0 0/0 "GET
/etk-training-ora1/etk-apps/rt/admin/manage-users.js HTTP/1.1"
Nov 1 11:02:34 localhost haproxy[40877]: 10.20.120.220:64971
[01/Nov/2017:11:02:34.690] main_ssl~ ssl_training-01/training-01. 0/0/0/150/151
200 1490 - - ---- 6/6/0/1/0 0/0 "POST /etk-training-ora1/auth/oauth/token
HTTP/1.1"
Nov 1 11:02:34 localhost haproxy[40877]: 10.20.120.220:64971
[01/Nov/2017:11:02:34.889] main_ssl~ ssl_training-01/training-01. 0/0/1/54/56
200 388 - - ---- 6/6/1/1/0 0/0 "GET
/etk-training-ora1/private/api/systemPreferences/maxPageSize HTTP/1.1"
Nov 1 11:02:35 localhost haproxy[40877]: 10.20.120.220:64970
[01/Nov/2017:11:02:34.890] main_ssl~ ssl_training-01/training-01. 0/0/1/329/331
200 19968 - - ---- 6/6/0/0/0 0/0 "GET
/etk-training-ora1/private/api/users?page=0&size=50&sort=accountName,ASC
HTTP/1.1"
Nov 1 11:02:42 localhost haproxy[40877]: 10.20.120.220:64971
[01/Nov/2017:11:02:42.571] main_ssl~ main_ssl/<NOSRV> 0/-1/-1/-1/0 403 188 - -
PR-- 4/4/0/0/0 0/0 "DELETE /etk-training-ora1/private/api/users/62469 HTTP/1.1"
In the GET and POST commands, path_beg matches /etk-training-ora1.
It appears that in the DELETE command path_beg returns nothing or something
else.
Suggestions, please?
Norman
Norman Branitsky
Cloud Architect
MicroPact
(o) 416.916.1752
(c) 416.843.0670
(t) 1-888-232-0224 x61752
www.micropact.com<http://www.micropact.com/>
Think it > Track it > Done
--
Moemen MHEDHBI
Support Engineer
http://haproxy.com
Tel: +33 1 30 67 60 71
