Hello, I'm trying to implement content inspection using haproxy/SPOE and SPOA agent.
I created basic sample configuration to demonstrate my issue: https://github.com/haproxy/haproxy/issues/956#issuecomment-732806414 To reproduce locally, just download contentdebug.zip archive from link above, run it using docker-compose up and hit it with curl (e.g. curl -d '{}' http://localhost). The issue is that although I declared tcp-request/tcp-reponse content send-spoa-group rules, my SPOA agent is called only once with request length 0 and no payload. I suspect I don't fully understand processing of tcp-request/tcp-response rules, acls and accept/reject criteria. I tried to add various acls mainly based on req.len/res.len, which I thought could be used to detect end of payload (The documentation says that req.len/res.len returns false when no more data is available), but still no luck. My goal is to send every chunk of data read/written on given proxy to SPOA agent. Ideally I would like to avoid any buffering, which I thought I could achieve using https://www.arpalert.org/src/haproxy-lua-api/2.2/index.html#Channel.forward (not used in my example). Is it feasible? Or do I need to implement my own filter? This is really important for the project I am working on. Thanks for any help. Regards, Stanislav Pavlicek
