Re: relayd(8) relay: redirect based on URL paths
table { 192.168.10.31 } table { 192.168.10.78 } http protocol somename { tcp { nodelay, sack, backlog 1024 } match header set "Proxy" value "filtered" match header set "X-Forwarded-For" value "$REMOTE_ADDR" match header set "X-Forwarded-By" value "$REMOTE_ADDR:$SERVER_PORT" match header set "Keep-Alive" value "$TIMEOUT" match request header remove "Proxy" match request path "/hello*" forward to } relay somerelay { listen on 1.2.3.4 port 80 protocol somename forward to port 80 mode roundrobin check http "/" code 200 forward to port 92 mode roundrobin check tcp } Something like this. But there is a catch with PF in between. Once client hits http://whatever.org/hello , PF state will be created and if it tries to reach normal http://whatever.org it WILL BE redirected to servers housing /hello part. One way to solve it is to lower tcp.established towards internal machines. In example above, to : pass out on { $INT_IF } proto tcp from self to port 92 keep state (tcp.established 10) br P.S. In my env. I share file with tables between pf and relayd. eg include ”/etc/pf/tables” in relays.conf . > 23 feb. 2017 kl. 03:02 skrev Lyndon Nerenberg: > > My relayd.conf fu is lame and needs help. Given the following config: > > > ---8<---8<--- > > interval 60 > timeout 2000 > > table { w1.example.com w2.example.com w3.example.com } > > http protocol https { > >tcp { nodelay, sack } >match request header append "X-Forwarded-For" value "$REMOTE_ADDR" >match request header append "X-Forwarded-By" \ >value "$SERVER_ADDR:$SERVER_PORT" >match request header set "Connection" value "close" > > } > > relay web { > >listen on 203.0.113.5 port 443 tls >protocol https > >forward with tls to port https mode loadbalance \ >check https "/" code 200 > > } > > ---8<---8<--- > > I am trying to figure out how to intercept request paths beginning with "/xy/" > so that I can forward them to a different port in the same server pool. > I.e.: > > https://host.example.com/xy/mumblebarge -> > https://:/xy/mumblebarge > > https://host.example.com/anything_else -> https:///anything_else > > It seems this should be possible, but I just can't get my head around > relayd.conf(5) :-( > > --lyndon
Re: relayd(8) relay: redirect based on URL paths
On Wed, February 22, 2017 9:02 pm, Lyndon Nerenberg wrote: > My relayd.conf fu is lame and needs help. Given the following config: > > > ---8<---8<--- > > interval 60 > timeout 2000 > > table { w1.example.com w2.example.com w3.example.com } > > http protocol https { > > tcp { nodelay, sack } > match request header append "X-Forwarded-For" value "$REMOTE_ADDR" > match request header append "X-Forwarded-By" \ > value "$SERVER_ADDR:$SERVER_PORT" > match request header set "Connection" value "close" > > } > > relay web { > > listen on 203.0.113.5 port 443 tls > protocol https > > forward with tls to port https mode loadbalance \ > check https "/" code 200 > > } > > ---8<---8<--- > > I am trying to figure out how to intercept request paths beginning with > "/xy/" > so that I can forward them to a different port in the same server pool. > I.e.: > > https://host.example.com/xy/mumblebarge -> > https://:/xy/mumblebarge > > https://host.example.com/anything_else -> > https:///anything_else > > It seems this should be possible, but I just can't get my head around > relayd.conf(5) :-( > > --lyndon > I have an example at work I can dig up tomorrow, but look at the Filter Rules. You need bits like: 'pass request path "/xy" forward to ' and probably a catch all 'pass forward to ' for the rest of the traffic. You need to specify the two forwards to the two tables in your relay section. You need two tables since each will go to a different port and the forward to filter only knows about the table name.
relayd(8) relay: redirect based on URL paths
My relayd.conf fu is lame and needs help. Given the following config: ---8<---8<--- interval 60 timeout 2000 table { w1.example.com w2.example.com w3.example.com } http protocol https { tcp { nodelay, sack } match request header append "X-Forwarded-For" value "$REMOTE_ADDR" match request header append "X-Forwarded-By" \ value "$SERVER_ADDR:$SERVER_PORT" match request header set "Connection" value "close" } relay web { listen on 203.0.113.5 port 443 tls protocol https forward with tls to port https mode loadbalance \ check https "/" code 200 } ---8<---8<--- I am trying to figure out how to intercept request paths beginning with "/xy/" so that I can forward them to a different port in the same server pool. I.e.: https://host.example.com/xy/mumblebarge -> https://:/xy/mumblebarge https://host.example.com/anything_else -> https:///anything_else It seems this should be possible, but I just can't get my head around relayd.conf(5) :-( --lyndon