HAProxy (1.4.24 pkg v 1.2.5) listener acl issue

  • I'm running pfsense 2.1.5-RELEASE (amd64) and believe I might have come across a bug in the "HAProxy: Listener: Edit" php page (haproxy_listeners_edit.php). I'm using the HAProxy package 1.4.24 pkg v 1.2.5. I'd like to know if it's only on my setup or if anyone else can reproduce the issue.

    The issue:
    When I try to create a new listener and want to specify an ACL entry with the type being anything other than HTTP (e.g. HTTPS, TCP, Health), the dropdown list for the Expression only has "Source IP:" as an option. If I select HTTP as the type, then I get the full dropdown list with all the entries.

    If I create a listener with HTTPS as the type and an ACL with the expression type "Source IP:", then save the newly created listener, go back and edit it, I'm then able to select from the normal dropdown Expression menu. If, however, you save with the type being HTTPS, TCP or Health AND the expression anything other than "Source IP:", then when you go back to edit that listener, no ACLs will be listed. The ACL is there though, because I'm able to proxy traffic correctly based on some of the other expressions.

    I've added a picture to hopefully help explain how to see the possible bug.

  • For haproxy 1.4 the only valid acl for https traffic (that is available in the webgui) is the source ip acl. If you can briefly select other acls, that is indeed a (small) bug.

    If you want to do 'anything' with ssl then you should probably be switching to the haproxy-devel package that uses the haproxy 1.5.x release version. Then you can either use ssl-offloading on haproxy and have full http processing options, or use https with sni to select a backend.
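
The two HAProxy 1.5 options mentioned in the reply above, sketched as a raw configuration fragment. This is an added example, not taken from the thread or generated by the pfSense package; all addresses, hostnames, backend names and the certificate path are constructed placeholders.

```haproxy
# Added illustration; every address, name and path below is a placeholder.
defaults
    mode tcp
    timeout connect 5s
    timeout client  30s
    timeout server  30s

# Option 1: HTTPS passthrough (mode tcp). HAProxy only sees the encrypted
# stream, so HTTP-level ACLs (host, path, headers) can never match. What is
# left to match on is the source IP and, from 1.5, the cleartext SNI name
# in the TLS ClientHello.
frontend https_passthrough
    bind 192.0.2.10:443
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }
    acl from_mgmt src 198.51.100.0/24
    acl sni_app   req_ssl_sni -i app.example.test
    use_backend be_admin_tls if from_mgmt
    use_backend be_app_tls   if sni_app
    default_backend be_default_tls

backend be_admin_tls
    server admin1 10.0.0.11:443
backend be_app_tls
    server app1 10.0.0.12:443
backend be_default_tls
    server web1 10.0.0.13:443

# Option 2: SSL offloading. HAProxy terminates TLS itself, so the request
# is decrypted and the full set of HTTP ACLs becomes usable.
frontend https_offload
    bind 192.0.2.11:443 ssl crt /etc/haproxy/certs/site.pem
    mode http
    acl is_api path_beg /api
    use_backend be_api if is_api
    default_backend be_web

backend be_api
    mode http
    server api1 10.0.0.21:8080
backend be_web
    mode http
    server web2 10.0.0.22:8080
```

With offloading the private key lives on the proxy and traffic to the backends is cleartext unless re-encrypted, whereas passthrough keeps TLS end to end at the cost of only source-IP and SNI matching.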