HAProxy community

Comma in acl list file


#1

Hi,

HA-Proxy version 1.6.3

I’ve been trying several different variations of this:

acl bad_ua hdr(user-agent) -f /etc/haproxy/bad_uas.lst
http-request deny if bad_ua

/bad_uas.lst:

Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36

My issue is that I don’t get a match for the full string; it will only match if I strip everything up to and including the comma, like:

 like Gecko) Chrome/34.0.1847.131 Safari/537.36

How do I get a match of the full string?

Thanks,

–Chris


#2

Hi Chris,

The reason you are not getting a match for the full string is because with the use of req.hdr(user-agent) or hdr(user-agent) function, any occurrence of comma in the ACL value is used as a delimiter for distinct values.

As a result of this, the below entry in bad_uas.lst file:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36

is treated as distinct values:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML
and
like Gecko) Chrome/34.0.1847.131 Safari/537.36

If you wish to get a match for complete string including comma, you should make use of req.fhdr(user-agent) function.

Your configuration should look like:

acl bad_ua req.fhdr(user-agent) -f /etc/haproxy/bad_uas.lst
http-request deny if bad_ua

Hope this is helpful!

Thanks,
Shivharsh
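
Added example, not part of the posts above and not HAProxy's own code: a simplified Python model of the behaviour described in this thread, plus a check that flags list-file entries a comma-splitting `hdr()` ACL can never match as a whole, so a deny rule does not silently fail to block. The function names, the whitespace trimming and the sample list content are assumptions made for illustration.

```python
# Simplified model (assumption): hdr() yields each comma-separated value of
# the header with surrounding whitespace trimmed; fhdr() yields the full
# header value as a single string. Matching is exact and case-sensitive.

def hdr_values(header_value):
    """Values seen by an hdr()-style fetch: split at every comma."""
    return [part.strip() for part in header_value.split(",")]

def fhdr_values(header_value):
    """Value seen by an fhdr()-style fetch: the whole header, unsplit."""
    return [header_value.strip()]

def load_patterns(text):
    """Parse a pattern list: one entry per line, leading spaces/tabs
    stripped, blank lines and lines starting with '#' ignored."""
    patterns = []
    for line in text.splitlines():
        entry = line.lstrip(" \t")
        if entry and not entry.startswith("#"):
            patterns.append(entry)
    return patterns

def acl_matches(values, patterns):
    """True if any fetched value equals any pattern exactly."""
    wanted = set(patterns)
    return any(value in wanted for value in values)

def unmatchable_under_hdr(patterns):
    """Entries containing a comma: no single hdr() value can equal them,
    so a deny rule built on them never fires."""
    return [p for p in patterns if "," in p]

# Constructed sample input, using the User-Agent string from the thread.
UA = ("Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 "
      "(KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36")
LIST_FILE = "# constructed sample of bad_uas.lst\n" + UA + "\n"

if __name__ == "__main__":
    patterns = load_patterns(LIST_FILE)
    print("hdr  matches:", acl_matches(hdr_values(UA), patterns))
    print("fhdr matches:", acl_matches(fhdr_values(UA), patterns))
    for entry in unmatchable_under_hdr(patterns):
        print("never matches with hdr():", entry)
```

Running the check over a block list before deploying it shows which entries need `req.fhdr` instead of `hdr`.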