I’m trying to create an ACL with 2 fetches, similar to this post here: Anonymous ACL - Multiple AND Conditions Not Evaluted
In my example:
```
http-request set-var(txn.endpoint) req.hdr(Host)
http-request set-var(txn.origin) req.hdr(Origin)
acl is_allowed_entrypoint_origin var(txn.endpoint) -i endpoint.domain.com var(txn.origin) -i -m end -f allowed_origins.acl
http-request use-service lua.forbidden unless is_allowed_entrypoint_origin
```
Inside my allowed_origins.acl file I have:
Now if I query the endpoint endpoint.domain.com, I was expecting to get a 403 if the request wasn’t originated by the 2 origins listed in my acl, however I get a 200 response for every frontend I query it from.
Note: I know I could simplify it by just allowing certain origins to every endpoint on haproxy, however I have multiple endpoints in my setup and I’d like to have a different list of allowed origins for each.
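An added example, not part of the original post: an `acl` line takes a single sample fetch, and an AND is written by listing several ACL names in the `if`/`unless` condition. The second endpoint, its ACL names and its origins file are hypothetical, included to show one origin list per endpoint.

```haproxy
# One fetch per acl line; -i makes the match case-insensitive.
acl is_endpoint        req.hdr(Host) -i endpoint.domain.com
# Suffix match against the post's file. Note that "-m end" also matches
# any longer value ending in a listed entry (an entry "domain.com" matches
# "https://notdomain.com"), so list entries with their scheme
# ("https://app.domain.com") or a leading "." or "//".
acl origin_ok_endpoint req.hdr(Origin) -i -m end -f allowed_origins.acl

# Hypothetical second endpoint with its own list (names are assumptions).
acl is_other           req.hdr(Host) -i other.domain.com
acl origin_ok_other    req.hdr(Origin) -i -m end -f allowed_origins_other.acl

# ACL names listed side by side are ANDed; "!" negates one of them.
# A request with no Origin header does not match origin_ok_*, so the
# negation is true and it is refused as well.
http-request use-service lua.forbidden if is_endpoint !origin_ok_endpoint
http-request use-service lua.forbidden if is_other    !origin_ok_other
```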