I am currently using haproxy 1.8.25 to loadbalance our gerrit server. I have a requirement where I need to redirect the incoming requests specifically from couple of service accounts to the main server while rest of the traffic goes to read-only servers.
I am able to match the service account username when basic auth is used to authenticate using below ACL.
acl allow-user req.fhdr(Authorization),regsub(^Basic\s+,i),b64dec,regsub(:.+,) eq ‘service-account’
use backend gerrit-master if allow-user
but the problem is these service accounts use digest authentication and hence above ACL doesn’t work. Is there any other way to achieve this? Any help will be highly appreciated.