ACL rule which works only if ALL header values are in the whitelist

Hi people!

I need to create an ACL rule which will work only if ALL values from a header are in the whitelist.

I’ve created a small whitelist:


And this is my haproxy.cfg:

    mode http

frontend http_frontend
    bind *:80
    acl valid-hdr req.hdr(x-my-header) -m str -f /usr/local/etc/haproxy/whitelist.lst
    use_backend mysite if valid-hdr

backend mysite
    server mysite check

What I want:

  • X-My-Header: foo - valid
  • X-My-Header: bar - valid
  • X-My-Header: foo,bar - valid
  • X-My-Header: bar,foo - valid
  • X-My-Header: bar,something,foo - NOT valid

What I get:
Actually all requests are considered to be valid if AT LEAST one of ‘foo’, ‘bar’ present in the header value.