table <webpool> { 192.168.10.31 }
table <rdrpool> { 192.168.10.78 }

http protocol somename {
	tcp { nodelay, sack, backlog 1024 }
	match header set "Proxy" value "filtered"
	match header set "X-Forwarded-For" value "$REMOTE_ADDR"
	match header set "X-Forwarded-By" value "$REMOTE_ADDR:$SERVER_PORT"
	match header set "Keep-Alive" value "$TIMEOUT"
	match request header remove "Proxy"
	match request path "/hello*" forward to <rdrpool>
}

relay somerelay {
	listen on 1.2.3.4 port 80
	protocol somename
	forward to <webpool> port 80 mode roundrobin check http "/" code 200
	forward to <rdrpool> port 92 mode roundrobin check tcp
}

Something like this.
But there is a catch with PF in between.
Once a client hits http://whatever.org/hello , a PF state will be created, and if
it tries to reach the normal http://whatever.org it WILL BE
redirected to the servers housing the /hello part.
One way to solve it is to lower tcp.established towards internal machines. In
the example above, to <rdrpool>:
pass out on { $INT_IF } proto tcp from self to <rdrpool> port 92 keep state (tcp.established 10)
br
P.S.
In my env. I share a file with tables between pf and relayd, e.g. include
"/etc/pf/tables" in relayd.conf.
> On 23 Feb 2017, at 03:02, Lyndon Nerenberg <[email protected]> wrote:
>
> My relayd.conf fu is lame and needs help. Given the following config:
>
>
> ---8<---8<---
>
> interval 60
> timeout 2000
>
> table <webhosts> { w1.example.com w2.example.com w3.example.com }
>
> http protocol https {
>
> 	tcp { nodelay, sack }
> 	match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
> 	match request header append "X-Forwarded-By" \
> 		value "$SERVER_ADDR:$SERVER_PORT"
> 	match request header set "Connection" value "close"
>
> }
>
> relay web {
>
> 	listen on 203.0.113.5 port 443 tls
> 	protocol https
>
> 	forward with tls to <webhosts> port https mode loadbalance \
> 		check https "/" code 200
>
> }
>
> ---8<---8<---
>
> I am trying to figure out how to intercept request paths beginning with
> "/xy/" so that I can forward them to a different port in the same server pool.
> I.e.:
>
> https://host.example.com/xy/mumblebarge ->
> https://<webhosts>:5555/xy/mumblebarge
>
> https://host.example.com/anything_else ->
> https://<webhosts>/anything_else
>
> It seems this should be possible, but I just can't get my head around
> relayd.conf(5) :-(
>
> --lyndon