[Solved] Can't get ACL to match on Haproxy
-
I'm have an issue getting an ACL to work.
I've tried using Host Matches and Host Contains
The domain I'm testing with is: http://psho.co:8080/ (or http://psho.co:8080/radio/) and I have a second domain also pointed at that server which shows the same page.
Both show 503.I'm attaching a screenshot of the settings
Now, if I check the "NOT" box to invert the match on the ACL, http://psho.co:8080/ shows the intended page, however, do does the completely different domain I also have pointed to it.
I can't figure out what I'm doing wrong here.
Addititionally, I ran a packet capture to verify that the host is set correctly in the requests and it's requesting
GET /radio/ HTTP/1.1 Host: psho.co:8080 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cache-Control: max-age=0So I'm not sure what I'm doing wrong.
(I'm using the Devel package which says it's actually 1.6 stable)
-
I don't know why host contains fails, but with host matches, psho.co:8080 works.
-
Looks like a bug.. I'm writing hdr_dir in the config, that should of course been hdr_sub.. :o
Will fix that soon in a new version.p.s. If you find other 'wierd' behavior let me know :).
Regards,
PiBa-NL
-
Looks like a bug.. I'm writing hdr_dir in the config, that should of course been hdr_sub.. :o
Will fix that soon in a new version.p.s. If you find other 'wierd' behavior let me know :).
Regards,
PiBa-NLIs this fixed in the latest devel version? I see there's an update available.
I don't want to mess with it unless it's fixed as my current setup is "working" at the moment.
-
On pfSense 2.2 it is NOT fixed, the pullrequest is still pending.. https://github.com/pfsense/pfsense-packages/pull/1236
On pfSense 2.3 it is fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc#L62
-
On pfSense 2.2 it is NOT fixed, the pullrequest is still pending.. https://github.com/pfsense/pfsense-packages/pull/1236
On pfSense 2.3 it is fixed: https://github.com/pfsense/FreeBSD-ports/blob/devel/net/pfSense-pkg-haproxy-devel/files/usr/local/pkg/haproxy/haproxy.inc#L62
Perfect, I'm on 2.3 :)
Thanks a bunch.