ACL and 401 Question

Help!
1

I have an ACL that works fine:
acl broadcast hdr(host) -i bcast.mydomain.us

Now I need this ACL to work (or something similar):
acl broadcastphp path -i -m end /save.php

use_backend bcast1 if broadcast
use_backend bcast2 if broadcastphp

backend bcast1
balance leastconn
http-request set-header X-Client-IP %[src]
redirect scheme https if ! { ssl_fc }
server broadcast1 broadcast.lxd:9001 check ssl verify none

backend bcast2
balance leastconn
http-request set-header X-Client-IP %[src]
redirect scheme https if ! { ssl_fc }
server broadcast1 broadcast.lxd:9001 check ssl verify none

Here is the haproxy log for this:

Mar 4 20:20:48 localhost haproxy[307]: 24.164.61.66:64197 [04/Mar/2021:20:20:48.287] http_lb~ bcast1/broadcast1 0/0/1/2/82 401 203 - - SD-- 7/7/1/1/0 0/0 “POST /save.php HTTP/1.1”

It appears I am always hitting the bcast1 when I want bcast2? Note that I am always getting a 401 Unauthorized for the bcast.mydomain.us/save.php url and I don’t know why?

Ideas?

Ray

2

Just read your statement in sequence:

use_backend bcast1 if broadcast

This is true, even when the path ends in /save.php.

Either flip the statements around or negate it:

use_backend bcast2 if broadcastphp
use_backend bcast1 if broadcast

use_backend bcast1 if broadcast !broadcastphp
use_backend bcast2 if broadcastphp
3

Thanks. That fixed that issue.

Any idea why I am getting 16:47:12.026 XHR POST https://bcast.mydomain.us/save.php
[HTTP/1.1 401 Unauthorized 208ms]

Note that the url https://bcast.mydomain.us works fine.

Thanks

Ray

4

You’ll have to check your backend server.

5

Yep. It was an Apache2 issue.

Thanks,

Ray