so it appears that OR is implicit and foo was matched as 3 acl :-) Thank's meineerde for the help
Le 04/01/2018 à 11:45, Arnaud B. a écrit : > Hi there, > > Recently, a misrouting has been found on our haproxy config. We had two > ACL mismatching : > > acl foo path_reg -i > ^/(w|a|i)\/([0-9]+\.){0,3}([0-9]+)?\/(ats|atc)\/.*$ OR path_reg -i > ^//(w|a|i)\/([0-9]+\.){0,3}([0-9]+)?\/(ats|atc)\/.*$ > > and > > acl bar path_reg > ^/(w|a|i)\/(.*)\/barbaz\/(.*)\/(install|custom)\/(.*) > > > So, if the called url is > https://foo.bar/i/1.9.0/barbaz/path/custom/foo > > acl bar is matched and this is "normal", now, if I hit > https://foo.bar/i/1.9.0/barbaz/path/custom/-i > > it matches bar, even if the latter part of the regex is not matching. We > tried with https://foo.bar/i/1.9.0/barbaz/path/custom/-a and a set of > different chars, this anomaly is only raised when hitting /-i > > our config has been fixed by removing the -i flag on the foo acl, but it > doesn't explain this "bug". > >