Hi there,

Recently, a misrouting has been found on our haproxy config. We had two
ACL mismatching :

acl foo                   path_reg -i
^/(w|a|i)\/([0-9]+\.){0,3}([0-9]+)?\/(ats|atc)\/.*$ OR path_reg -i
^//(w|a|i)\/([0-9]+\.){0,3}([0-9]+)?\/(ats|atc)\/.*$

and

acl bar                    path_reg
^/(w|a|i)\/(.*)\/barbaz\/(.*)\/(install|custom)\/(.*)


So, if the called url is
https://foo.bar/i/1.9.0/barbaz/path/custom/foo

acl bar is matched and this is "normal", now, if I hit
https://foo.bar/i/1.9.0/barbaz/path/custom/-i

it matches bar, even if the latter part of the regex is not matching. We
tried with https://foo.bar/i/1.9.0/barbaz/path/custom/-a and a set of
different chars, this anomaly is only raised when hitting /-i

our config has been fixed by removing the -i flag on the foo acl, but it
doesn't explain this "bug".



Reply via email to