On Thu, May 16, 2019 at 08:05:33PM +0200, Tim Düsterhus wrote: > With HAProxy 1.9 you should be able to use the strcmp converter I > contributed like this: > > http-request set-var(txn.host) hdr(host) > # Check whether the client is attempting domain fronting. > acl ssl_sni_http_host_match ssl_fc_sni,strcmp(txn.host) eq 0 > http-response deny deny_status 421 unless ssl_sni_http_host_match > > This sends the proper HTTP/2 status code 421, indicating that the > browser should use a new connection. But please make sure to actually > test this to ensure nothing legitimate breaks.
Now I understand better how you want to use your strcmp() converter :-) Thanks Tim, Willy
