so it appears that OR is implicit and foo was matched as 3 acl :-)
Thank's meineerde for the help
Le 04/01/2018 à 11:45, Arnaud B. a écrit :
> Hi there,
>
> Recently, a misrouting has been found on our haproxy config. We had two
> ACL mismatching :
>
> acl foo path_reg -i
> ^/(w|a|i)\/([0-9]+\.){0,3}([0-9]+)?\/(ats|atc)\/.*$ OR path_reg -i
> ^//(w|a|i)\/([0-9]+\.){0,3}([0-9]+)?\/(ats|atc)\/.*$
>
> and
>
> acl bar path_reg
> ^/(w|a|i)\/(.*)\/barbaz\/(.*)\/(install|custom)\/(.*)
>
>
> So, if the called url is
> https://foo.bar/i/1.9.0/barbaz/path/custom/foo
>
> acl bar is matched and this is "normal", now, if I hit
> https://foo.bar/i/1.9.0/barbaz/path/custom/-i
>
> it matches bar, even if the latter part of the regex is not matching. We
> tried with https://foo.bar/i/1.9.0/barbaz/path/custom/-a and a set of
> different chars, this anomaly is only raised when hitting /-i
>
> our config has been fixed by removing the -i flag on the foo acl, but it
> doesn't explain this "bug".
>
>
