RE: URL rewrite

2018-08-31 Thread Norman Branitsky 
I just realized that this isn't actually correct:
   in their web browser it gets proxied to a backend running at
   https://.cloud.example.com/main?query

I need this request:
https://cloud.example.com/[/]?query
to be sent to the backend server directly as
http://.cloud.example.com/?query


I assume I can use http-request set-uri to rewrite the incoming URL.
I assume I can grab the host name thus:
http-request set-var(req.header_host) req.hdr(host)
But how do I grab the path?
And separate the remainder of the path if necessary,
so I can reassemble the URL as described above?

-Original Message-
From: Norman Branitsky 
Sent: Monday, August 27, 2018 6:53 PM
To: 'Tim Düsterhus' ; haproxy 
Subject: RE: URL rewrite

Your examples are all correct.

-Original Message-
From: Tim Düsterhus 
Sent: Monday, August 27, 2018 6:22 PM
To: Norman Branitsky ; haproxy 

Subject: Re: URL rewrite

Norman,

Am 27.08.2018 um 23:45 schrieb Norman Branitsky:
> I need to rewrite my URLs according to the following pattern:
> cloud.example.com/?query
> becomes:
> .cloud.example.com/main?query
> 
> HAProxy will terminate SSL - I have a wildcard certificate for 
> *.cloud.example.com.
> As the target servers are running Docker Enterprise, I do not need DNS 
> entries for every possible instance of  as Docker EE will handle 
> this internally.
> Is there a way to do this?
> 

What exactly do you mean by rewrite? Do you want that when a user requests

https://cloud.example.com/?query

in their web browser it gets proxied to a backend running at

https://.cloud.example.com/main?query

? Is it possible that there follows a path that you need to preserve:

https://cloud.example.com///?query
to
https://.cloud.example.com/main//?query

?

Best regards
Tim Düsterhus

RE: URL rewrite

2018-08-27 Thread Norman Branitsky 
Your examples are all correct.

-Original Message-
From: Tim Düsterhus  
Sent: Monday, August 27, 2018 6:22 PM
To: Norman Branitsky ; haproxy 

Subject: Re: URL rewrite

Norman,

Am 27.08.2018 um 23:45 schrieb Norman Branitsky:
> I need to rewrite my URLs according to the following pattern:
> cloud.example.com/?query
> becomes:
> .cloud.example.com/main?query
> 
> HAProxy will terminate SSL - I have a wildcard certificate for 
> *.cloud.example.com.
> As the target servers are running Docker Enterprise, I do not need DNS 
> entries for every possible instance of  as Docker EE will handle 
> this internally.
> Is there a way to do this?
> 

What exactly do you mean by rewrite? Do you want that when a user requests

https://cloud.example.com/?query

in their web browser it gets proxied to a backend running at

https://.cloud.example.com/main?query

? Is it possible that there follows a path that you need to preserve:

https://cloud.example.com///?query
to
https://.cloud.example.com/main//?query

?

Best regards
Tim Düsterhus

Re: URL rewrite

2018-08-27 Thread Tim Düsterhus 
Norman,

Am 27.08.2018 um 23:45 schrieb Norman Branitsky:
> I need to rewrite my URLs according to the following pattern:
> cloud.example.com/?query
> becomes:
> .cloud.example.com/main?query
> 
> HAProxy will terminate SSL - I have a wildcard certificate for 
> *.cloud.example.com.
> As the target servers are running Docker Enterprise, I do not need DNS 
> entries for
> every possible instance of  as Docker EE will handle this 
> internally.
> Is there a way to do this?
> 

What exactly do you mean by rewrite? Do you want that when a user requests

https://cloud.example.com/?query

in their web browser it gets proxied to a backend running at

https://.cloud.example.com/main?query

? Is it possible that there follows a path that you need to preserve:

https://cloud.example.com///?query
to
https://.cloud.example.com/main//?query

?

Best regards
Tim Düsterhus

RE: URL Rewrite

2014-09-10 Thread JDzialo John 
Any thoughts on why my reqirep is not working properly on the below 
configuration file?

The replace does not seem to work after putting this in place.

The reqirep should be searching for any url with 
/ordering/vaporencroachment/vaporencroachment.html in it to 
/ordering/lightbox/vecapp.html.

It should preserver everything before and after the matched string.

Any help you could give me would be greatly appreciated.  Thanks!



-Original Message-
From: JDzialo John [mailto:jdzi...@edrnet.com] 
Sent: Tuesday, September 02, 2014 8:48 AM
To: Baptiste
Cc: haproxy@formilux.org
Subject: RE: URL Rewrite

OK.

Here is my config file, I have added the http-server-close option.  I've read 
that is necessary to get reqirep to work properly since it does not work in 
tunnel mode.

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers 
kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
log global
modehttp
option  httplog
option  dontlognull
option forwardfor
option http-server-close
timeout connect 5000
timeout client  5
timeout server  5
timeout http-request 1
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

listen stats

#disabled
bind *:
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
stats auth admin:haproxytime

frontend http-in

bind *:80
tcp-request content reject if { src -f /etc/haproxy/blacklist.lst }
#   http-request redirect location http://www.edrnet.com unless { src -f 
/etc/haproxy/whitelist.lst }
timeout client 60

capture request header Host len 50

# Tablenitio
stick-table type ip size 100k expire 30s store conn_cur

# Shut the new connection if the client has already 20 opened
tcp-request connection reject if { src_conn_cur ge 20 }
tcp-request connection track-sc1 src

acl webqa hdr_dom(host) -i webqa
acl webdev hdr_dom(host) -i webdev
acl webstage hdr_dom(host) -i webstage

acl vecapp url_sub /vaporencroachment/vaporencroachment.html

   reqirep ^([^\ :]*)\ 
/ordering/vaporencroachment/vaporencroachment.html(.*) \1\ 
/ordering/lightbox/vecapp.html\2 if vecapp

#   http-request redirect prefix /ordering/lightbox/vecapp.html if vecapp

use_backend webqa if webqa
use_backend webdev if webdev
use_backend webstage if webstage

default_backend web

frontend https-in

#   bind *:443 ssl crt /etc/ssl/web.foo.com.2011.chain.pem
bind *:443 ssl crt /etc/ssl/WILDCARD.foo.com.2011.chain.pem
tcp-request content reject if { src -f /etc/haproxy/blacklist.lst }
#http-request redirect location http://www.edrnet.com unless { src -f 
/etc/haproxy/whitelist.lst }
timeout client 60

capture request header Host len 50

# Table definition
stick-table type ip size 100k expire 30s store conn_cur

# Shut the new connection as long as the client has already 10 opened
tcp-request connection reject if { src_conn_cur ge 10 }
tcp-request connection track-sc1 src

acl webqa hdr_dom(host) -i webqa
acl webdev hdr_dom(host) -i webdev
acl webstage hdr_dom(host) -i webstage

use_backend webqa if webqa
use_backend webdev if webdev
use_backend webstage if webstage

default_backend web

backend web

timeout server 60
balance roundrobin

server edrwebproawvc2 xxx.xxx.xxx.xxx:80 check
server edrwebproawvc3 xxx.xxx.xxx.xxx:80 check

backend webqa

timeout server 60
balance roundrobin

server edrwebqaawvc1 xxx.xxx.xxx.xxx:80 check

backend webdev

timeout server 60
balance roundrobin

server edrwebdevawvd1 xxx.xxx.xxx.xxx:80 check

backend webstage

timeout server 60
balance roundrobin

server edrwebstgawvc1 xxx.xxx.xxx.xxx:80 check


Let me know if I am missing something or have a conflict that is restricting 
the reqirep from working...

Thanks fo

RE: URL Rewrite

2014-09-02 Thread JDzialo John 
OK.

Here is my config file, I have added the http-server-close option.  I've read 
that is necessary to get reqirep to work properly since it does not work in 
tunnel mode.

global
log /dev/loglocal0
log /dev/loglocal1 notice
chroot /var/lib/haproxy
stats socket /run/haproxy/admin.sock mode 660 level admin
stats timeout 30s
user haproxy
group haproxy
daemon

# Default SSL material locations
ca-base /etc/ssl/certs
crt-base /etc/ssl/private

# Default ciphers to use on SSL-enabled listening sockets.
# For more information, see ciphers(1SSL).
ssl-default-bind-ciphers 
kEECDH+aRSA+AES:kRSA+AES:+AES256:RC4-SHA:!kEDH:!LOW:!EXP:!MD5:!aNULL:!eNULL

defaults
log global
modehttp
option  httplog
option  dontlognull
option forwardfor
option http-server-close
timeout connect 5000
timeout client  5
timeout server  5
timeout http-request 1
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http

listen stats

#disabled
bind *:
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
stats auth admin:haproxytime

frontend http-in

bind *:80
tcp-request content reject if { src -f /etc/haproxy/blacklist.lst }
#   http-request redirect location http://www.edrnet.com unless { src -f 
/etc/haproxy/whitelist.lst }
timeout client 60

capture request header Host len 50

# Tablenitio
stick-table type ip size 100k expire 30s store conn_cur

# Shut the new connection if the client has already 20 opened
tcp-request connection reject if { src_conn_cur ge 20 }
tcp-request connection track-sc1 src

acl webqa hdr_dom(host) -i webqa
acl webdev hdr_dom(host) -i webdev
acl webstage hdr_dom(host) -i webstage

acl vecapp url_sub /vaporencroachment/vaporencroachment.html

   reqirep ^([^\ :]*)\ 
/ordering/vaporencroachment/vaporencroachment.html(.*) \1\ 
/ordering/lightbox/vecapp.html\2 if vecapp

#   http-request redirect prefix /ordering/lightbox/vecapp.html if vecapp

use_backend webqa if webqa
use_backend webdev if webdev
use_backend webstage if webstage

default_backend web

frontend https-in

#   bind *:443 ssl crt /etc/ssl/web.foo.com.2011.chain.pem
bind *:443 ssl crt /etc/ssl/WILDCARD.foo.com.2011.chain.pem
tcp-request content reject if { src -f /etc/haproxy/blacklist.lst }
#http-request redirect location http://www.edrnet.com unless { src -f 
/etc/haproxy/whitelist.lst }
timeout client 60

capture request header Host len 50

# Table definition
stick-table type ip size 100k expire 30s store conn_cur

# Shut the new connection as long as the client has already 10 opened
tcp-request connection reject if { src_conn_cur ge 10 }
tcp-request connection track-sc1 src

acl webqa hdr_dom(host) -i webqa
acl webdev hdr_dom(host) -i webdev
acl webstage hdr_dom(host) -i webstage

use_backend webqa if webqa
use_backend webdev if webdev
use_backend webstage if webstage

default_backend web

backend web

timeout server 60
balance roundrobin

server edrwebproawvc2 xxx.xxx.xxx.xxx:80 check
server edrwebproawvc3 xxx.xxx.xxx.xxx:80 check

backend webqa

timeout server 60
balance roundrobin

server edrwebqaawvc1 xxx.xxx.xxx.xxx:80 check

backend webdev

timeout server 60
balance roundrobin

server edrwebdevawvd1 xxx.xxx.xxx.xxx:80 check

backend webstage

timeout server 60
balance roundrobin

server edrwebstgawvc1 xxx.xxx.xxx.xxx:80 check


Let me know if I am missing something or have a conflict that is restricting 
the reqirep from working...

Thanks for all your help.





-Original Message-
From: Baptiste [mailto:bed...@gmail.com] 
Sent: Monday, September 01, 2014 3:40 AM
To: JDzialo John
Cc: haproxy@formilux.org
Subject: Re: URL Rewrite

John,

might be an issue somewhere else in your conf, cause your rewrite works 
properly.

Baptiste

On Sun, Aug 31, 2014 at 4:03 PM, JDzialo John  wrote:
> OK.
>
>
>
> So I tried a few things I found on the haproxy config guide and still 
> am not successfully able to get reqirep to work properly...
>
>
>
> I have the following two lines in my haproxy.cfg with haproxy 1.5.2
>
>

Re: URL Rewrite

2014-09-01 Thread Baptiste 
John,

might be an issue somewhere else in your conf, cause your rewrite
works properly.

Baptiste

On Sun, Aug 31, 2014 at 4:03 PM, JDzialo John  wrote:
> OK.
>
>
>
> So I tried a few things I found on the haproxy config guide and still am not
> successfully able to get reqirep to work properly...
>
>
>
> I have the following two lines in my haproxy.cfg with haproxy 1.5.2
>
>
>
> acl vecapp url_sub /vaporencroachment/vaporencroachment.html
>
>
>
> reqirep ^([^\ :]*)\ /ordering/vaporencroachment/vaporencroachment.html(.*)
> \1\ /ordering/lightbox/vecapp.html\2 if vecapp
>
>
>
> I am trying to replace the matched string above while keeping any query
> string in tact.
>
>
>
> Is there something I'm doing wrong in my regular expression?
>
>
>
> Thanks
>
>
>
>
>
> From: Baptiste [mailto:bed...@gmail.com]
> Sent: Friday, August 29, 2014 5:24 PM
> To: JDzialo John
> Cc: haproxy@formilux.org
> Subject: Re: URL Rewrite
>
>
>
>
>
>
>
> On Fri, Aug 29, 2014 at 10:50 PM, JDzialo John  wrote:
>
> I want to capture the URL coming in and rewrite it to a new location.
>
>
>
> Take this...
>
>
>
> http://web.foo.com/ordering/vaporencroachment/vaporencroachment.html?pguid=12957559-e75e-4daf-a8c6-928030d714a9&lsessguid=b667871e-f11a-4960-8ad4-bb40ac249364
>
>
>
> And convert it to this...
>
>
>
> http://web.foo.com/ordering/lightbox/vecapp.html?pguid=12957559-e75e-4daf-a8c6-928030d714a9&lsessguid=b667871e-f11a-4960-8ad4-bb40ac249364
>
>
>
> I want to maintain the query string.
>
>
>
> Can I do this with reqirep?  If so can you give me an example?
>
>
>
> Or can I use a simple redirect prefix and maintain the query string.
>
>
>
> Thanks
>
>
>
>
>
> John Dzialo | Linux System Administrator
>
> Direct 203.783.8163 | Main 800.352.0050
>
>
>
> Environmental Data Resources, Inc.
>
> 440 Wheelers Farms Road, Milford, CT 06461
>
>
>
> www.edrnet.com | commonground.edrnet.com
>
>
>
>
>
>
>
> Hi John,
>
>
>
> reqirep can do this.
>
>
>
> Baptiste
>
>

RE: URL Rewrite

2014-08-31 Thread JDzialo John 
OK.

So I tried a few things I found on the haproxy config guide and still am not 
successfully able to get reqirep to work properly...

I have the following two lines in my haproxy.cfg with haproxy 1.5.2

acl vecapp url_sub /vaporencroachment/vaporencroachment.html

reqirep ^([^\ :]*)\ /ordering/vaporencroachment/vaporencroachment.html(.*) \1\ 
/ordering/lightbox/vecapp.html\2 if vecapp

I am trying to replace the matched string above while keeping any query string 
in tact.

Is there something I'm doing wrong in my regular expression?

Thanks


From: Baptiste [mailto:bed...@gmail.com]
Sent: Friday, August 29, 2014 5:24 PM
To: JDzialo John
Cc: haproxy@formilux.org
Subject: Re: URL Rewrite



On Fri, Aug 29, 2014 at 10:50 PM, JDzialo John 
mailto:jdzi...@edrnet.com>> wrote:
I want to capture the URL coming in and rewrite it to a new location.

Take this...

http://web.foo.com/ordering/vaporencroachment/vaporencroachment.html?pguid=12957559-e75e-4daf-a8c6-928030d714a9&lsessguid=b667871e-f11a-4960-8ad4-bb40ac249364

And convert it to this...

http://web.foo.com/ordering/lightbox/vecapp.html?pguid=12957559-e75e-4daf-a8c6-928030d714a9&lsessguid=b667871e-f11a-4960-8ad4-bb40ac249364

I want to maintain the query string.

Can I do this with reqirep?  If so can you give me an example?

Or can I use a simple redirect prefix and maintain the query string.

Thanks


John Dzialo | Linux System Administrator
Direct 203.783.8163 | Main 800.352.0050

Environmental Data Resources, Inc.
440 Wheelers Farms Road, Milford, CT 06461

www.edrnet.com<http://www.edrnet.com> | 
commonground.edrnet.com<http://commonground.edrnet.com/>



Hi John,

reqirep can do this.

Baptiste

Re: URL Rewrite

2014-08-29 Thread Baptiste 
On Fri, Aug 29, 2014 at 10:50 PM, JDzialo John  wrote:

>  I want to capture the URL coming in and rewrite it to a new location.
>
>
>
> Take this...
>
>
>
>
> http://web.foo.com/ordering/vaporencroachment/vaporencroachment.html?pguid=12957559-e75e-4daf-a8c6-928030d714a9&lsessguid=b667871e-f11a-4960-8ad4-bb40ac249364
>
>
>
> And convert it to this...
>
>
>
>
> http://web.foo.com/ordering/lightbox/vecapp.html?pguid=12957559-e75e-4daf-a8c6-928030d714a9&lsessguid=b667871e-f11a-4960-8ad4-bb40ac249364
>
>
>
> I want to maintain the query string.
>
>
>
> Can I do this with reqirep?  If so can you give me an example?
>
>
>
> Or can I use a simple redirect prefix and maintain the query string.
>
>
>
> Thanks
>
>
>
>
>
> *John Dzialo* | *Linux System Administrator*
>
> *Direct* 203.783.8163 | *Main *800.352.0050
>
>
>
> *Environmental Data Resources, Inc.*
>
> 440 Wheelers Farms Road, Milford, CT 06461
>
>
>
> *www.edrnet.com * | commonground.edrnet.com
>
>
>
> [image: Description: Description: Description: Description: Description:
> EDR_logo4color_EDR_only_80px2]
>
>
>

Hi John,

reqirep can do this.

Baptiste

Re: URL rewrite question

2010-02-06 Thread Holger Just 
On 2010-02-06 10:55, Willy Tarreau wrote:
>  reqrep ([^\ ]*)\ /action.register\?([^&]*&)*param2=bar(.*)  \1\ 
> /newaction\?\2param2=bar\3

This does it. Looks like your Regex Kung Fu is stronger than mine. But
well, it was late :)

--Holger

Re: URL rewrite question

2010-02-06 Thread Willy Tarreau 
Hi,

On Thu, Feb 04, 2010 at 10:31:03PM +0100, Holger Just wrote:
> On 2010-02-04 21:15, Sriram Chavali wrote:
> > I am trying to rewrite URLs using haproxy's reqirep directive. The url that 
> > I am trying to rewrite is of the pattern
> > /action/register?param1=foo¶m2=bar¶m3=baz
> > 
> > The URL that I want to be rewritten is 
> > /newaction?param1=foo¶m2=bar¶m3=baz on the condition that whenever 
> > param2=bar
> > 
> > The ordering of the query string parameters can be random, i.e param2 could 
> > be the 1st parameter or the last one. 
> 
> In Haproxy 1.3.x it is currently not possible to issue a reqirep on a
> conditional basis. This is however introduced in Haproxy 1.4-rc1. There
> you could solve your problem using something like this:
> 
> acl baz url_sub ¶m2=bar ?param2=bar
> reqirep ([^\ ]*)\ /action/register\?(.*)  \1\ /newaction\?\2  if baz

Well, since both entries are on the same line and param2 is
always after the string to match, you can still write it
without ACLs in 1.3 :

 reqrep ([^\ ]*)\ /action.register\?([^&]*&)*param2=bar(.*)  \1\ 
/newaction\?\2param2=bar\3

That way the regex will only match when "param2=bar" appears in one of
the parameters.

Willy

Re: URL rewrite question

2010-02-04 Thread Holger Just 
On 2010-02-04 21:15, Sriram Chavali wrote:
> I am trying to rewrite URLs using haproxy's reqirep directive. The url that I 
> am trying to rewrite is of the pattern
> /action/register?param1=foo¶m2=bar¶m3=baz
> 
> The URL that I want to be rewritten is 
> /newaction?param1=foo¶m2=bar¶m3=baz on the condition that whenever 
> param2=bar
> 
> The ordering of the query string parameters can be random, i.e param2 could 
> be the 1st parameter or the last one. 

In Haproxy 1.3.x it is currently not possible to issue a reqirep on a
conditional basis. This is however introduced in Haproxy 1.4-rc1. There
you could solve your problem using something like this:

acl baz url_sub ¶m2=bar ?param2=bar
reqirep ([^\ ]*)\ /action/register\?(.*)  \1\ /newaction\?\2  if baz

On 1.3.x you could however use something like the following which
performs a content switch based on the acl and performs the reqirep
later in the backend. You might want to look into the track keyword for
the servers.

frontend foo
  bind :80
  mode http

  acl baz url_sub ¶m2=bar ?param2=bar
  use_backend baz if baz

backend baz
  reqirep ([^\ ]*)\ /action/register\?(.*)  \1\ /newaction\?\2
  server foo 192.168.1.1:80

Yes, this is uggly but as far as I know it is the only possibility by
now. (And yes, I see forward to remove many such backends in my
installations too)

--Holger