Hello,
On Fri, Oct 05, 2018 at 10:46:20AM +0200, Ricardo Fraile wrote:
> Hello,
>
>
> I have tested that some types of acls can't be combined, for example:
>
> Server 192.138.1.1, acl with combined rules:
>
> acl rule1 hdr_dom(host) -i test.com
> acl rule1 src 192.168.1.2/24
> redirect prefix https://yes.com code 301 if rule1
> redirect prefix https://no.com
>
> Request from 192.168.1.2:
>
> $ curl -I -H "host: test.com" 192.138.1.1
> HTTP/1.1 301 Moved Permanently
> Content-length: 0
> Location: https://yes.com/
>
> Request from 192.168.1.3:
>
> $ curl -I -H "host: test.com" 192.138.1.1
> HTTP/1.1 301 Moved Permanently
> Content-length: 0
> Location: https://yes.com/
>
>
>
> Server 192.138.1.1, acl with two rules:
>
> acl rule1 hdr_dom(host) -i test.com
> acl rule2 src 192.168.1.2/24
> redirect prefix https://yes.com code 301 if rule1 rule2
> redirect prefix https://no.com
>
> Request from 192.168.1.2:
>
> $ curl -I -H "host: test.com" 192.138.1.1
> HTTP/1.1 301 Moved Permanently
> Content-length: 0
> Location: https://yes.com/
>
> Request from 192.168.1.3:
>
> $ curl -I -H "host: test.com" 192.138.1.1
> HTTP/1.1 301 Moved Permanently
> Content-length: 0
> Location: https://no.com/
>
> I looked for this behaviour in the documentation but I didn't find any
> reference to it. Please, does anyone know where it is documented?
>
>
This is expected behavior.

When you declare acls with the same name, such as:

    acl foo src 1.2.3.4
    acl foo hdr(host) foo.bar

and use foo as a condition for anything, foo is equivalent to:

    { src 1.2.3.4 } || { hdr(host) foo.bar }

There is at least one example of this behavior in the documentation:
https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.2

Your splitting of the acl into two acls implies an && between the two
acls, and the behavior is different.

regards,
Jérôme
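
The OR behaviour described in this thread can be caught with a lint pass over the configuration. The following is an added example, not code from the original messages or from HAProxy: it flags ACL names declared more than once in a section with different criteria, the case where an AND was probably intended. The function name `find_mixed_acls`, the frontend names and the sample config are constructed for illustration, and the comment stripping is a simple heuristic.

```python
import re
from collections import defaultdict

# Constructed sample config, modelled on the two variants quoted in the thread.
SAMPLE_CFG = """\
frontend fe_combined
    acl rule1 hdr_dom(host) -i test.com
    acl rule1 src 192.168.1.2/24
    redirect prefix https://yes.com code 301 if rule1
    redirect prefix https://no.com

frontend fe_split
    acl rule1 hdr_dom(host) -i test.com
    acl rule2 src 192.168.1.2/24
    redirect prefix https://yes.com code 301 if rule1 rule2
    redirect prefix https://no.com
"""

SECTION = re.compile(r"^\s*(global|defaults|frontend|backend|listen)\b\s*(\S*)")
ACL = re.compile(r"^\s*acl\s+(\S+)\s+(\S+)")


def find_mixed_acls(cfg_text):
    """Return {(section, acl_name): [(lineno, criterion), ...]} for every ACL
    name declared more than once in a section with different criteria."""
    seen = defaultdict(list)
    section = "(top)"
    for lineno, line in enumerate(cfg_text.splitlines(), 1):
        line = line.split("#", 1)[0]  # heuristic: drop trailing comments
        m = SECTION.match(line)
        if m:
            section = f"{m.group(1)} {m.group(2)}".strip()
            continue
        m = ACL.match(line)
        if m:  # group 1 is the ACL name, group 2 the criterion (e.g. src)
            seen[(section, m.group(1))].append((lineno, m.group(2)))
    return {key: decls for key, decls in seen.items()
            if len({crit for _, crit in decls}) > 1}


if __name__ == "__main__":
    for (section, name), decls in find_mixed_acls(SAMPLE_CFG).items():
        where = ", ".join(f"line {n} ({c})" for n, c in decls)
        print(f"{section}: acl '{name}' is an OR of different criteria: {where}")
```

Repeating a name with the same criterion (several `src` lines, for instance) is not reported, since that is the ordinary use of the OR.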