ACL rule which works only if ALL header values are in the whitelist

dlukyanov · August 1, 2022, 9:33pm

Hi people!

I need to create an ACL rule which will work only if ALL values from a header are in the whitelist.

I’ve created a small whitelist:

foo
bar

And this is my haproxy.cfg:

defaults
    mode http

frontend http_frontend
    bind *:80
    acl valid-hdr req.hdr(x-my-header) -m str -f /usr/local/etc/haproxy/whitelist.lst
    use_backend mysite if valid-hdr

backend mysite
    server mysite 172.10.1.1:80 check

What I want:

X-My-Header: foo - valid
X-My-Header: bar - valid
X-My-Header: foo,bar - valid
X-My-Header: bar,foo - valid
X-My-Header: bar,something,foo - NOT valid

What I get:
Actually all requests are considered to be valid if AT LEAST one of ‘foo’, ‘bar’ present in the header value.

Topic		Replies	Views
How to allow http requests containing specific header name and value Help!	8	6008	March 12, 2020
Haproxy acl on ip range with ip from header instead of src Help!	4	3045	January 6, 2021
Acl hdr(host) seem to be not working , How to debug? Help!	0	3634	June 14, 2018
Http-header not being modified after upgrade Help!	1	443	August 22, 2022
Haproxy ACL for query-string "Authorization" Help!	1	614	April 13, 2022

ACL rule which works only if ALL header values are in the whitelist

Related topics