    [Solved] Can't get ACL to match on Haproxy

      Trel

      I'm having an issue getting an ACL to work.

      I've tried using Host Matches and Host Contains

      The domain I'm testing with is: http://psho.co:8080/ (or http://psho.co:8080/radio/) and I have a second domain also pointed at that server which shows the same page.
      Both show 503.

      I'm attaching a screenshot of the settings

      Now, if I check the "NOT" box to invert the match on the ACL, http://psho.co:8080/ shows the intended page, however, so does the completely different domain I also have pointed to it.

      I can't figure out what I'm doing wrong here.

      Additionally, I ran a packet capture to verify that the host is set correctly in the requests and it's requesting

      
      GET /radio/ HTTP/1.1
      Host: psho.co:8080
      User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: en-US,en;q=0.5
      Accept-Encoding: gzip, deflate
      Connection: keep-alive
      Cache-Control: max-age=0
      
      

      So I'm not sure what I'm doing wrong.

      (I'm using the Devel package which says it's actually 1.6 stable)

        Trel

        I don't know why host contains fails, but with host matches, psho.co:8080 works.

          PiBa

          Looks like a bug.. I'm writing hdr_dir in the config, that should of course have been hdr_sub..  :o
          Will fix that soon in a new version.

          p.s. If you find other 'weird' behavior let me know :).

          Regards,
          PiBa-NL

            Trel

            @PiBa:

            Looks like a bug.. I'm writing hdr_dir in the config, that should of course have been hdr_sub..  :o
            Will fix that soon in a new version.

            p.s. If you find other 'weird' behavior let me know :).

            Regards,
            PiBa-NL

            Is this fixed in the latest devel version?  I see there's an update available.
            I don't want to mess with it unless it's fixed as my current setup is "working" at the moment.

              PiBa

              On pfSense 2.2 it is NOT fixed, the pull request is still pending.. https://github.com/pfsense/pfsense-packages/pull/1236

              On pfSense 2.3 it is fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc#L62

                Trel

                @PiBa:

                On pfSense 2.2 it is NOT fixed, the pull request is still pending.. https://github.com/pfsense/pfsense-packages/pull/1236

                On pfSense 2.3 it is fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc#L62

                Perfect, I'm on 2.3 :)

                Thanks a bunch.
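
Added example, not part of the thread and not HAProxy or pfSense package code: a simplified Python model of the three match methods discussed above (exact `hdr`, substring `hdr_sub`, slash-delimited `hdr_dir`), written from HAProxy's documented descriptions of those methods. It assumes the ACL value first tried was `psho.co` without the port (the screenshot is not available); all function names are hypothetical.

```python
# Simplified model of three HAProxy string-matching methods, following the
# documented descriptions (exact, substring, slash-delimited "subdir").
# Illustration only; this is not HAProxy's implementation.

def match_str(value, pattern):
    """hdr(host): exact string match."""
    return value == pattern

def match_sub(value, pattern):
    """hdr_sub(host): pattern occurs anywhere in the value."""
    return pattern in value

def match_dir(value, pattern, delim="/"):
    """hdr_dir(host): pattern must equal a whole slash-delimited portion."""
    pattern = pattern.strip(delim)
    if not pattern:
        return False
    start = value.find(pattern)
    while start != -1:
        end = start + len(pattern)
        # The occurrence must be bounded by a delimiter or the string edge.
        left_ok = start == 0 or value[start - 1] == delim
        right_ok = end == len(value) or value[end] == delim
        if left_ok and right_ok:
            return True
        start = value.find(pattern, start + 1)
    return False

MATCHERS = {"hdr": match_str, "hdr_sub": match_sub, "hdr_dir": match_dir}

def evaluate(host, pattern):
    """Return which match methods accept `pattern` for the given Host value."""
    return {name: fn(host, pattern) for name, fn in MATCHERS.items()}

# Host header value from the packet capture in the first post.
HOST = "psho.co:8080"

if __name__ == "__main__":
    # "psho.co" is an assumed ACL value; "psho.co:8080" is the one that worked.
    for pattern in ("psho.co", "psho.co:8080"):
        print(pattern, evaluate(HOST, pattern))
```

With the port-less pattern only the substring method matches, so a "contains" ACL that is written out as `hdr_dir` never matches this Host header, and an inverted ACL then matches every request, including those for the other domain.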
