Hi,

On Thu, May 25, 2023 at 06:18:02PM +0200, Stephan Seitz wrote:
> Hi!
> 
> HA-Proxy 2.2.9

First, please note that this one misses many fixes, it's affected by
458 known bugs among which one critical and 28 major:

   https://www.haproxy.org/bugs/bugs-2.2.9.html

> I have an HA-Proxy frontend and an application backend. The authentication
> is done by the backend.
> 
> The HA-Proxy replaces an older pound proxy. Pound could log like Apache, so
> the log contained the user name, even if pound didn't authenticate the user.
> 
> Searching the net I have found the following string to decode the username
> from the auth string:
> 
>       req.fhdr(Authorization),regsub(^Basic\s+,,i),b64dec,regsub(:.+,)
> 
> So I tried the following in the frontend section:
> 
>       http-request set-var(req.s1) req.fhdr(Authorization),regsub(^Basic\s+,,i),b64dec,regsub(:.+,)
>       log-format "%[var(req.s1)]"
> 
> But this doesn't work, I get ,,-" in the log.
> 
> What did I do wrong?

You did not necessarily do anything wrong. It's possible even though
unlikely, that the problem lies in one of the 458 bugs above. It's
also possible that the regex you found works with PCRE and that you
didn't build with it, or the opposite. Here regex are not needed, I
think you could use:

        http-request set-var(req.s1) req.fhdr(Authorization),word(2),b64dec,word(1,:)
        log-format "%[var(req.s1)]"

"word" splits words around delimiters and could be simpler here. If it still
does not work, you should verify that the header has the correct format by
only assigning req.fhdr(authorization) to the variable.

Oh, wait a minute, you used a request variable. Its life doesn't go further
than the moment the request is sent to the server. Logs happen at the end
of the stream so the variable is dropped at this point. Please use "txn.s1"
instead of "req.s1", it will last for the whole transaction (req+resp).

Willy
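
The converter chain discussed above (take the second word, Base64-decode, keep what precedes the first colon) mirrored in Python so header handling can be checked offline. This is an added example, not part of the original message or of HAProxy; the function names, the Basic-scheme check and the escaping of non-printable characters are assumptions added here, and all sample headers are constructed.

```python
import base64


def make_header(user, password):
    """Build a constructed Basic header for the sample inputs below."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return "Basic " + token


def basic_auth_user(header):
    """Return the loggable user name from an Authorization header, or None."""
    if not header:
        return None
    parts = header.split()                      # word(1) / word(2) on whitespace
    # Assumption added here: only the Basic scheme is decoded.
    if len(parts) != 2 or parts[0].lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(parts[1], validate=True)   # b64dec
    except ValueError:                          # binascii.Error is a ValueError
        return None
    # word(1,:) keeps only what precedes the first colon; the password
    # (which may itself contain colons) is never returned or logged.
    user, sep, _password = decoded.partition(b":")
    if not sep:
        return None                             # not a "user:password" pair
    text = user.decode("utf-8", errors="replace")
    # Escape non-printable characters so a crafted name cannot split a log line.
    return "".join(c if c.isprintable() else "\\x%02x" % ord(c) for c in text)


if __name__ == "__main__":
    # Constructed sample headers, including malformed ones.
    samples = [
        "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",   # RFC 7617 example credentials
        make_header("bob", "pa:ss"),            # colon inside the password
        make_header("eve\nadmin", "x"),         # newline inside the user name
        "Bearer abc.def.ghi",                   # not Basic
        "Basic !!!notbase64",                   # invalid Base64
        None,                                   # header absent
    ]
    for h in samples:
        print(repr(h), "->", repr(basic_auth_user(h)))
```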
