Hi Chris,
The reason you are not getting a match for the full string is that, with the req.hdr(user-agent) or hdr(user-agent) function, any occurrence of a comma in the ACL value is used as a delimiter for distinct values.
As a result of this, the entry below in the bad_uas.lst file:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
is treated as distinct values:
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML
and
like Gecko) Chrome/34.0.1847.131 Safari/537.36
If you wish to get a match for the complete string including the comma, you should make use of the req.fhdr(user-agent) function.
Your configuration should look like:
acl bad_ua req.fhdr(user-agent) -f /etc/haproxy/bad_uas.lst
http-request deny if bad_ua
Hope this is helpful!
Thanks,
Shivharsh
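
The difference described in the reply above, as an added example that is not part of the original post and is not HAProxy code. It is a simplified model that assumes plain comma splitting with surrounding whitespace trimmed and an exact, case-sensitive string match; the second list entry, ExampleScanner/1.0, and all function names are constructed for illustration.

```python
# Simplified model (assumption, not HAProxy source) of the values an
# exact-match ACL sees from req.hdr versus req.fhdr.

# Constructed pattern file: the entry from the post plus a comma-free one.
BAD_UAS_LST = """\
Mozilla/5.0 (Linux; Android) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/34.0.1847.131 Safari/537.36
ExampleScanner/1.0
"""


def load_patterns(text):
    """One pattern per non-empty line, as in a file passed with -f."""
    return {line.strip() for line in text.splitlines() if line.strip()}


def hdr_values(raw_header):
    """req.hdr model: every comma starts a new value."""
    return [part.strip() for part in raw_header.split(",")]


def fhdr_values(raw_header):
    """req.fhdr model: the full header line is a single value."""
    return [raw_header.strip()]


def acl_matches(values, patterns):
    """Exact string match: true if any fetched value equals a pattern."""
    return any(value in patterns for value in values)


def evaluate(user_agent, patterns):
    """Return the ACL verdict for both fetches on one User-Agent header."""
    return {
        "req.hdr": acl_matches(hdr_values(user_agent), patterns),
        "req.fhdr": acl_matches(fhdr_values(user_agent), patterns),
    }


if __name__ == "__main__":
    patterns = load_patterns(BAD_UAS_LST)
    for ua in sorted(patterns):
        print(evaluate(ua, patterns), "<-", ua)
```

In this model a list entry containing a comma can only match through req.fhdr, while a comma-free entry matches with either fetch.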