RE: [EXTERNAL] Re: built in ACL, REQ_CONTENT

Tue, 08 Jun 2021 08:37:00 -0700 

Certainly,

Postrgres sends this message across the wire:

Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x000000: 00 00 00 4c 00 03 
00 00   75 73 65 72 00 74 73 64   |...L....user.tsd|

Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x000010: 62 00 64 61 74 61 
62 61   73 65 00 74 73 64 62 00   |b.database.tsdb.|

Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x000020: 61 70 70 6c 69 63 
61 74   69 6f 6e 5f 6e 61 6d 65   |application_name|

Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x000030: 00 70 73 71 6c 00 
63 6c   69 65 6e 74 5f 65 6e 63   |.psql.client_enc|

Jun  2 21:14:40 ip-172-31-77-193 haproxy[9031]: #0110x000040: 6f 64 69 6e 67 00 
55 54   46 38 00 00               |oding.UTF8..|

Bytes, 8 – are user\0 Byte 13 starts the userid. I would like to be able to 
test that userid and make a routing decision on that. This is what the HAProxy 
docs suggest:

acl check-rw req.payload(8,32),hex -m sub  757365720074736462727700

use_backend pg_readwrite if check-rw

But the ACL never results in true…

pg

From: Jarno Huuskonen <jarno.huusko...@uef.fi>
Sent: Tuesday, June 8, 2021 8:35 AM
To: Godfrin, Philippe E <philippe.godf...@nov.com>
Cc: haproxy@formilux.org
Subject: Re: [EXTERNAL] Re: built in ACL, REQ_CONTENT

Use caution when interacting with this [EXTERNAL] email!

Hello,

On Tue, 2021-06-08 at 12:25 +0000, Godfrin, Philippe E wrote:
> OK, I see. An associated question, how do I gain access to that content to
> interrogate/parse the data in that content?

req.body
(https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#7.3.6-req.body)

Can you explain a little bit what you're trying to do ?

-Jarno

> pg
>
> -----Original Message-----
> From: Lukas Tribus <lu...@ltri.eu>
> Sent: Monday, June 7, 2021 4:08 PM
> To: Godfrin, Philippe E <philippe.godf...@nov.com>
> Cc: haproxy@formilux.org
> Subject: [EXTERNAL] Re: built in ACL, REQ_CONTENT
>
> Use caution when interacting with this [EXTERNAL] email!
>
> Hello,
>
> On Mon, 7 Jun 2021 at 14:51, Godfrin, Philippe E <philippe.godf...@nov.com>
> wrote:
> >
> > Greetings!
> >
> > I can’t seem to find instructions on how to use this builtin ACL. Can
> > someone point me in the right direction, please?
>
> There is nothing specific about it, you use just like every other ACL.
>
> http-request deny if REQ_CONTENT
>
> http-request deny unless REQ_CONTENT
>
>
>  Lukas
>
>
>
>

--
Jarno Huuskonen

Reply via email to