• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAProxy default route when a rule doesnt match.

Scheduled Pinned Locked Moved HA/CARP/VIPs
6 Posts 2 Posters 906 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jaredadams
    last edited by Feb 8, 2023, 2:19 PM

    I have HAProxy working very well directing traffic to 4 different sites. I would however like to send requests that dont match a rule to one of the sites.
    For instance if you naviate to one of the following:

    • https://<mywanIP>
    • https://somehostnamethatdoesntmatch.com

    I would like for it to just be sent to done of the aforementioned 4 sites of my choosing. I've tried adding in rules to match an IP, or "not" rules, but they dont seem to be working.

    V 1 Reply Last reply Feb 8, 2023, 4:54 PM Reply Quote 0
    • V
      viragomann @jaredadams
      last edited by viragomann Feb 8, 2023, 6:10 PM Feb 8, 2023, 4:54 PM

      @jaredadams
      You can do this by configuring the default backend accordingly.

      You might already have added rules for your websites to use certain backends on match.

      Add a backend and configure an 'http-request redirect' action in it. In the rule box enter

      location https://<redirect-location-patch>

      You may also state a redirect http code in front of the location if you want.

      Set this backend as default in the frontend.

      J 1 Reply Last reply Feb 8, 2023, 5:49 PM Reply Quote 1
      • J
        jaredadams @viragomann
        last edited by jaredadams Feb 8, 2023, 5:50 PM Feb 8, 2023, 5:49 PM

        @viragomann hello! thanks for the reply.

        I've configured a backend and on the frontend in "Default backend, access control lists and actions" section I have the default backend i want chosen.

        When configuring the backend as you're indicating I'm running into problems. I can add the http-request redirect action, but it says theres no matching ACL. When I create an extremely broad ACL such as "Traffic is SSL", give it a name like "ssl_defbackend" and put that into the action's "Condition acl names" it still says it cannot match it to an ACL:

        0ad5fe10-3453-471e-9334-8a4abdc53ff5-image.png

        84f53719-3aa5-4912-9658-f4350fd0289c-image.png

        I don't think I'm doing this right.

        V J 2 Replies Last reply Feb 8, 2023, 6:10 PM Reply Quote 0
        • V
          viragomann @jaredadams
          last edited by Feb 8, 2023, 6:10 PM

          @jaredadams
          You did this in the backend?
          I don't need to state an ACL in the backend action settings.

          Which package version are you on?
          Mine is 0.61_7.

          However, I saw that I've accidentally typed a semi-colon in the URL above, which is also shown in your screenshot. I will correct that.

          1 Reply Last reply Reply Quote 0
          • J
            jaredadams @jaredadams
            last edited by Feb 8, 2023, 6:12 PM

            It appears I have this working, almost. If i send any web request towards the proxy that contains a hostname that doesnt match the rule it will redirect to the default backend no problem. However, i still can't get https://<ipaddress> to redirect. I get a 503.

            Whats HAProxy doing differently when it sees an incoming request with an ip address rather than a hostname?

            V 1 Reply Last reply Feb 8, 2023, 6:57 PM Reply Quote 0
            • V
              viragomann @jaredadams
              last edited by Feb 8, 2023, 6:57 PM

              @jaredadams
              An http frontend doesn't accept IP addresses for comprehensible reasons.
              This might only work in tcp mode.

              1 Reply Last reply Reply Quote 0
              6 out of 6
              • First post
                6/6
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                This community forum collects and processes your personal information.
                consent.not_received