HAProxy community

Check old path using ACL after replacing it


I would like to do URL rewrite which looks like not so easy deal here.

Say I want to replace url’s with mysite.com/boom/23/bam to mysite.com/bam/23/boom

Let’s have following config

acl OLD_PATH path_reg -i /boom/\d+/bam
reqrep ^([^\ :]*) /boom/(\d+)/bam \1 /bam/\2\boom
redirect code 301 prefix / drop-query if OLD_PATH

It looks fine, but the redirect won’t happen because the path has been already replaced, so I can’t use OLD_PATH acl anymore.

Yet, if I create new ACL with the new path (/bam/_/boom) then I’ll be throwing 301 at all requests, not just the ones that required replacing.

How can I have ACL run against the old request line?



I would just move reqrep to the backend section and leave the redirect in the frontend.



But then how do I pass redirect rule to this redirect? The problem with inline regex in http-request is that it doesn’t support closing square braces as per documentation



I don’t understand what you are saying.

You leave the redirect along with its ACL in the frontend and only move the reqrep to the backend.



I see what you mean, still, if move reqrep away from frontend part then the redirection will be to the same URL as user entered and the point is to redirect user to the new URL.

I know that reqrep modifies the request which is later sent to the backend, but I guess it’s a hack that if you return 301 after you apply reqrep, and redirect user to “/” prefix then you’ll essentially redirect him to the new URL.



So what you are saying is that you don’t need to rewrite at all, you are just trying to redirect with a regexp, and combining the rewrite with a redirect is what you believe should have achieved this, is that what you are saying?

What release are you running anyway, can you share the output of haproxy -vv?



Precisely that’s what I need.

Click to see the config file
HA-Proxy version 1.9.0-2ppa1~xenial 2019/01/08 - https://haproxy.org/
Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -O2 -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fno-strict-aliasing -Wdeclaration-after-statement -fwrapv -Wno-unused-label -Wno-sign-compare -Wno-unused-parameter -Wno-old-style-declaration -Wno-ignored-qualifiers -Wno-clobbered -Wno-missing-field-initializers -Wtype-limits

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g  1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.1
Built with network namespace support.
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Built with zlib version : 1.2.8
Running on zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with PCRE2 version : 10.21 2016-01-12
PCRE2 library supports JIT : yes
Encrypted password support via crypt(3): yes
Built with multi-threading support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available multiplexer protocols :
(protocols marked as <default> cannot be specified using 'proto' keyword)
              h2 : mode=HTX        side=FE|BE
              h2 : mode=HTTP       side=FE
       <default> : mode=HTX        side=FE|BE
       <default> : mode=TCP|HTTP   side=FE|BE

Available filters :
	[SPOE] spoe
	[COMP] compression
	[CACHE] cache
	[TRACE] trace

Also I can’t use regsub like so redirect code 301... regsub(...) because regsub won’t allow me to add ] and ) which essentially doesn’t allow me to do group matching.