Hi,
I’m having trouble with recording a URL in a stick-table.
So, I’ve got an ACL with a regex and I want to trap any incoming request that would match regex in a stick-table
This is an extract of my HA Proxy file configuration.
acl rejetseancesV4 url_reg ^/depot/api/lra/wp/v1/seances/S_3[0-9]{10,40}?type=meta$
stick-table type string len 128 size 1m expire 10m store http_req_cnt
tcp-request content track-sc2 path if rejetseancesV4
And then, I’ve got this entry in HA Proxy log.
haproxy.log:10.97.3.50 “0A610332:F46E_0A2148F0:139C_672A363E_01C2:2A6F” - - [05/Nov/2024:16:14:06.587] "GET /depot/api/lra/wp/v1/seances/S_31300120234892?type=meta
I was expecting this request to be recorded in the stick table, but there’s nothing.
The regex match the request but nothing is recorded.
First I was using the path_reg keyword an then after reading the ticket here Acl regex problem with "?" in URL, I understood that I should use the keyword url_reg instead of path_reg (because of the question mark in the URL)
But it doesn’t solve the problem, the request is not recorded in the stick table.
Any idea what’s wrong ?
Regards,
Phil
Your regexp seems wrong (not properly escaped), this should help
acl rejetseancesV4 url_reg '^\/depot\/api\/lra\/wp\/v1\/seances\/S_3[0-9]{10,40}\?type=meta$'
However note (as mentioned in the doc) that path stops before the “?” in the url
If you want to stay consistent between the acl and the sticktable, either store url in the table, or use path to match the request (in this case regexp should be updated because the “?” part would never match):
path -m reg "your regexp here"
HI,
Thank you for answering.
I’ve tried to escape the / and ?, but it doesn’t make any difference.
I’ll try with “path”.
Regards,
Don’t hesitate to validate your regexp using regexp validator tools (including online tools), to help spot any error in your regexp
I checked that /depot/api/lra/wp/v1/seances/S_31300120234892?type=meta matched with the above regexp, and so did haproxy
Hi,
Yes, I’ve checked the regex with different tools and it matches the entry in the log.
But I’m still stuck… I don’t understand. The regex is OK, but nothing is recorded in the stick table.
Escaping the characters doesn’t change anything and I can’t use the “path” keyword because it wouldn’t work with the ?.
Don’t know what to do…
Anyway, Thank you again for your answer.
I’ll keep on searching…
Regards,
Phil.
Oh ok, then there must be something else indeed.
Just to be sure, can you condition another action such as setting a response header (which you can check) with rejetseancesV4 to see if it properly matches within haproxy?
If yes, then there must be something with the sticktable.
How do you check for data in the sticktable?
Hi,
I’m not sure how to add another action like setting a response header.
To visualize the content of the stick table, I use the command
echo "MY_LISTEN_CONF" | nc -U /USR/hanotmic/SSL/logs/haproxy.stat
Phil