Hi,
HA-Proxy version 1.6.3
I’ve been trying several different variations of this:
acl bad_ua hdr(user-agent) -f /etc/haproxy/bad_uas.lst
http-request deny if bad_ua
/bad_uas.lst:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
My issue is that I don’t get match for the full string; it will only match if I strip everything up to and including the comma, like:
like Gecko) Chrome/34.0.1847.131 Safari/537.36
How to I get a match of the full string?
Thanks,
–Chris
Hi Chris,
The reason you are not getting a match for the full string is because with the use of req.hdr(user-agent) or hdr(user-agent) function, any occurrence of comma in the ACL value is used as a delimiter for distinct values.
As a result of this, the below entry in bad_uas.lst file:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
is treated as distinct value:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML
and
like Gecko) Chrome/34.0.1847.131 Safari/537.36
If you wish to get a match for complete string including comma, you should make use of req.fhdr(user-agent) function.
Your configuration should look like:
acl bad_ua req.fhdr(user-agent) -f /etc/haproxy/bad_uas.lst
http-request deny if bad_ua
Hope this is helpful !
Thanks,
Shivharsh
2 Likes