HAProxy Frontend ACL Limitation
-
We have 104 active ACLs and Actions on our frontend. Whenever we want to add a new ACL + Action the following error occurs: "The value '' in field 'Client timeout' is not a number."
Whenever this error occurred, some of our configurations for the frontend were reset. (Default Backend, Additional certificates)
We are using haproxy-devel 0.60_5 but have already tested out haproxy 0.60_4 where the same error occurred.
As a workaround we tried to add the ACL rule + the action into the Advanced pass thru section like the following:
acl xyz var(txn.txnhost) -m str -i xyz.companyname.com
http-request redirect location https://test.companyname.com/xyz if xyz
This section is then present inside of the /var/etc/haproxy/haproxy.cfg file content just beneath the frontend, however, the redirect is not working.
Is there any fix or workaround to this problem?
-
@arnold-assistant
I don't see why adding an extra redirect wouldn't work. If you check out the haproxy.cfg config generated (bottom of settings tab), I guess it's all there as expected? As for the other client-timeout error, I think the 'POST' that is generated is getting too big. I'll try and fix that.
-
Sadly it does not work with passing it through the Advanced pass thru field, even though it is present inside of the haproxy.cfg file.
However, it is being added above all the other ACLs, might this be the issue?
frontend www.companyname.com
    bind <IPv4>:443 name <IPv4>:443 ssl crt-list /var/etc/haproxy/www.companyname.com.crt_list
    bind <IPv4>:80 name <IPv4>:80
    bind <IPv6>:80 name <IPv6>:80
    bind <IPv6>:443 name <IPv6>:443 ssl crt-list /var/etc/haproxy/www.companyname.com.crt_list
    mode http
    log global
    option http-keep-alive
    timeout client 30000
    acl xyz var(txn.txnhost) -m str -i xyz.companyname.com
    http-request redirect location https://test.companyname.com/xzy if xyz
    acl letsencrypt-acl var(txn.txnpath) -m beg -i /.well-known/acme-challenge/
    acl is_not_www var(txn.txnhost) -m str -i companyname.com
    acl is_staging.companyname.com var(txn.txnhost) -m str -i staging.companyname.com
    acl is_go.companyname.com var(txn.txnhost) -m str -i go.companyname.com
    . . .
    http-request set-var(txn.txnpath) path
    http-request set-var(txn.txnhost) hdr(host)
    http-request redirect prefix https://www.companyname.com if is_not_www
    http-request redirect location https://test.companyname.com/dirname/staging/ if is_staging.companyname.com
    http-request redirect location https://test.companyname.com/dirname/go/ if is_go.companyname.com
    . . .
All the other redirects do work, only the newly added redirect (inside of the Advanced pass thru field) does not work at all.
Thanks for trying to fix the 'POST' problem.
-
@arnold-assistant said in HAProxy Frontend ACL Limitation:
Perhaps try not using the 'var'. I think now that it did not 'set' it yet when the advanced config acl is using it. http-request rules are processed in the order they appear in the config, so to avoid that, change the acl like this:
acl xyz hdr(Host) -m str -i xyz.companyname.com
http-request redirect location https://test.companyname.com/xyz if xyz
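
The ordering problem described in the last reply can be checked mechanically. The following is an added example, not part of the thread or of the pfSense HAProxy package: a small Python check that flags `http-request` rules whose condition uses an ACL reading a `var(...)` that no earlier `set-var` has assigned. The function name `find_unset_var_use` and the sample config are constructed for illustration; it assumes one frontend section per input and named ACLs only.

```python
import re

# Constructed sample modelled on the frontend posted in the thread.
SAMPLE = """\
frontend www.companyname.com
    mode http
    acl xyz var(txn.txnhost) -m str -i xyz.companyname.com
    http-request redirect location https://test.companyname.com/xyz if xyz
    acl is_not_www var(txn.txnhost) -m str -i companyname.com
    acl via_hdr hdr(host) -m str -i xyz.companyname.com
    http-request set-var(txn.txnpath) path
    http-request set-var(txn.txnhost) hdr(host)
    http-request redirect prefix https://www.companyname.com if is_not_www
    http-request redirect location https://test.companyname.com/xyz if via_hdr
"""

VAR_RE = re.compile(r"var\(([\w.]+)\)")
SETVAR_RE = re.compile(r"^http-request\s+set-var\(([\w.]+)\)")
COND_RE = re.compile(r"\s(?:if|unless)\s+(.*)$")

def find_unset_var_use(config):
    """Return (line_no, acl_name, var_name) for each http-request rule whose
    condition uses an ACL reading a variable no earlier set-var assigned."""
    acl_vars = {}  # ACL name -> variables its expression reads
    for raw in config.splitlines():
        parts = raw.split()
        if len(parts) >= 3 and parts[0] == "acl":
            acl_vars.setdefault(parts[1], set()).update(VAR_RE.findall(" ".join(parts[2:])))
    findings, assigned = [], set()
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line.startswith("http-request"):
            continue
        cond = COND_RE.search(line)
        if cond:  # the condition is evaluated before the rule's own action
            for token in cond.group(1).split():
                name = token.lstrip("!")
                for var in sorted(acl_vars.get(name, ()) - assigned):
                    findings.append((no, name, var))
        m = SETVAR_RE.match(line)
        if m:
            assigned.add(m.group(1))
    return findings

if __name__ == "__main__":
    for no, acl, var in find_unset_var_use(SAMPLE):
        print(f"line {no}: ACL '{acl}' reads {var} before any set-var assigns it")
```

On the sample, only the redirect placed above the `set-var` lines is reported; the same redirect written with `hdr(host)` passes.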