On Fri, Nov 3, 2017 at 11:29 AM, Norman Branitsky < [email protected]> wrote:
> I have this included in the configuration:
>
> # Filter nasty input
> acl missing_cl hdr_cnt(Content-length) eq 0
> acl METH_PUT method PUT
> acl METH_GET method GET HEAD
> acl METH_PATCH method PATCH
> ##acl METH_DELETE method DELETE
> http-request deny if HTTP_URL_STAR !METH_OPTIONS || METH_POST missing_cl || METH_PUT missing_cl || METH_PATCH missing_cl || METH_DELETE missing_cl
> http-request deny if METH_GET HTTP_CONTENT
> http-request deny unless METH_GET or METH_POST or METH_OPTIONS or METH_PATCH or METH_DELETE or METH_PUT
>
> My colleague commented out the METH_DELETE acl.
> It appears that in HAProxy 1.7 a number of acls are predefined
> and we could delete the METH_PUT, METH_GET, and METH_PATCH acls also.
> So is one of the http-request deny statements causing the problem?

Maybe check the DELETE RFC https://tools.ietf.org/html/rfc7231#section-4.3.5 and think about what to do with your conditions. Start by removing "|| METH_DELETE missing_cl" from the first one.
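
Added example, not part of the original thread and not HAProxy code: a simplified Python model of the three quoted `http-request deny` rules, run over constructed sample requests, showing which rule rejects a DELETE sent without a Content-Length header and what changes once the `|| METH_DELETE missing_cl` clause is removed. The function name `denied_by` and the flag `delete_needs_cl` are hypothetical, and the model assumes `METH_DELETE` matches the DELETE method.

```python
# Simplified model of the three quoted "http-request deny" rules (not HAProxy code).
ALLOWED = {"GET", "HEAD", "POST", "OPTIONS", "PATCH", "DELETE", "PUT"}
BODY_METHODS = {"POST", "PUT", "PATCH"}


def denied_by(method, url="/", headers=None, delete_needs_cl=True):
    """Return the number of the rule that denies the request, or 0 if it passes.

    delete_needs_cl=True models the rules as posted; False models the first
    rule with "|| METH_DELETE missing_cl" removed. Assumes METH_DELETE
    matches the DELETE method.
    """
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    missing_cl = "content-length" not in headers  # hdr_cnt(Content-length) eq 0
    http_content = int(headers.get("content-length", 0)) > 0  # HTTP_CONTENT

    # Rule 1: HTTP_URL_STAR !METH_OPTIONS || <method> missing_cl || ...
    needs_cl = BODY_METHODS | ({"DELETE"} if delete_needs_cl else set())
    if (url == "*" and method != "OPTIONS") or (method in needs_cl and missing_cl):
        return 1
    # Rule 2: METH_GET HTTP_CONTENT (METH_GET is "method GET HEAD" in the post)
    if method in ("GET", "HEAD") and http_content:
        return 2
    # Rule 3: deny unless the method is one of the listed ones
    if method not in ALLOWED:
        return 3
    return 0


# Constructed sample requests: (method, url, headers).
SAMPLES = [
    ("DELETE", "/items/42", {}),
    ("DELETE", "/items/42", {"Content-Length": "0"}),
    ("POST", "/items", {}),
    ("GET", "/items", {"Content-Length": "5"}),
    ("TRACE", "/", {}),
]

if __name__ == "__main__":
    for method, url, hdrs in SAMPLES:
        before = denied_by(method, url, hdrs, delete_needs_cl=True)
        after = denied_by(method, url, hdrs, delete_needs_cl=False)
        print(f"{method:7} {url:10} {hdrs!s:26} posted: {before}  clause removed: {after}")
```

A result of 0 means the request passes all three rules; the other checks (body-less POST, GET with content, unlisted methods) are unaffected by removing the DELETE clause.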

