Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy default route when a rule doesnt match.

    HA/CARP/VIPs
    2
    6
    885
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J
      jaredadams
      last edited by

      I have HAProxy working very well directing traffic to 4 different sites. I would however like to send requests that dont match a rule to one of the sites.
      For instance if you naviate to one of the following:

      • https://<mywanIP>
      • https://somehostnamethatdoesntmatch.com

      I would like for it to just be sent to done of the aforementioned 4 sites of my choosing. I've tried adding in rules to match an IP, or "not" rules, but they dont seem to be working.

      V 1 Reply Last reply Reply Quote 0
      • V
        viragomann @jaredadams
        last edited by viragomann

        @jaredadams
        You can do this by configuring the default backend accordingly.

        You might already have added rules for your websites to use certain backends on match.

        Add a backend and configure an 'http-request redirect' action in it. In the rule box enter

        location https://<redirect-location-patch>

        You may also state a redirect http code in front of the location if you want.

        Set this backend as default in the frontend.

        J 1 Reply Last reply Reply Quote 1
        • J
          jaredadams @viragomann
          last edited by jaredadams

          @viragomann hello! thanks for the reply.

          I've configured a backend and on the frontend in "Default backend, access control lists and actions" section I have the default backend i want chosen.

          When configuring the backend as you're indicating I'm running into problems. I can add the http-request redirect action, but it says theres no matching ACL. When I create an extremely broad ACL such as "Traffic is SSL", give it a name like "ssl_defbackend" and put that into the action's "Condition acl names" it still says it cannot match it to an ACL:

          0ad5fe10-3453-471e-9334-8a4abdc53ff5-image.png

          84f53719-3aa5-4912-9658-f4350fd0289c-image.png

          I don't think I'm doing this right.

          V J 2 Replies Last reply Reply Quote 0
          • V
            viragomann @jaredadams
            last edited by

            @jaredadams
            You did this in the backend?
            I don't need to state an ACL in the backend action settings.

            Which package version are you on?
            Mine is 0.61_7.

            However, I saw that I've accidentally typed a semi-colon in the URL above, which is also shown in your screenshot. I will correct that.

            1 Reply Last reply Reply Quote 0
            • J
              jaredadams @jaredadams
              last edited by

              It appears I have this working, almost. If i send any web request towards the proxy that contains a hostname that doesnt match the rule it will redirect to the default backend no problem. However, i still can't get https://<ipaddress> to redirect. I get a 503.

              Whats HAProxy doing differently when it sees an incoming request with an ip address rather than a hostname?

              V 1 Reply Last reply Reply Quote 0
              • V
                viragomann @jaredadams
                last edited by

                @jaredadams
                An http frontend doesn't accept IP addresses for comprehensible reasons.
                This might only work in tcp mode.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.