HAProxy community

Help me with ACL


#1

I got:
acl host_bacon hdr(host) -i re*****.l*e.
acl host_milkshake hdr(host) -i u.y***.***
use_backend bacon_cluster if host_bacon
^^ alreday.

I want the folder “reports” in host_bacon to go to another server. Only the folder “reports”.
How to make this?


#2

Use path_beg and combine the ACLs in another use_backend statement:

acl folder-reports path_beg /reports/
acl host_bacon hdr(host) -i re*****.l* **e.**
acl host_milkshake hdr(host) -i u.y***.***
use_backend another_server if host_bacon folder-reports
use_backend bacon_cluster if host_bacon

#3

I get this error:

503 Service Unavailable

No server is available to handle this request.

It works on /reports. But then i go into other folds in the webserver I get 503 error.


#4

That was an example above. You need to read, understand and have the corresponding backend for that ACL statement.

Share the entire configuration if you have additional questions.


#5
frontend http-in
    bind :::80

    # Define hosts
    acl reports_cluster path_beg /reports/
    acl host_bacon hdr(host) -i reports.*****.**
    acl host_milkshakes hdr(host) -i u.*****.**

    #2
    use_backend bacon_cluster if host_bacon
    use_backend bacon_cluster if host_bacon

backend bacon_cluster
    balance leastconn
    option http-server-close
    option forwardfor
    cookie JSESSIONID prefix
    server node1 79.***.**.***:88 cookie A check

backend milshake_cluster
    balance leastconn
    option http-server-close
    option forwardfor
    cookie JSESSIONID prefix
    server node1 79.***.**.***:89 cookie A check

backend reports_cluster
    balance leastconn
    option http-server-close
    option forwardfor
    cookie JSESSIONID prefix
    server node1 92.***.*'6.*19:80 cookie A check

My config.
When i go into reports../reports in my web browser, and go to /reports, I want it to go to the server 92..6.*:80.
The folder reports to go to the IP-address 92.
Have a great day.


#6
 use_backend reports_cluster if host_bacon reports_cluster

Not that you are using reports_cluster as name for the backend and as ACL name. That’s highly confusing, please don’t do this.


#7

Hi.

Sorry for confusing you.
I did sorted everyting in my config - and then it worked! :wink:
Thank you :smiley:

But I do got a little problem now.
When I test if the proxy leaks the webserver IP-address, it unfortunately does.
Server IP: 92.6…

How to hide this?


#8

I don’t know what that means, can you elaborate?

The webserver will always see the IP address of haproxy, unless you send X-Forwarded-For header or the PROXY protocol to the backend webserver and that webserver uses it instead of the source IP address of the socket.


#9

I created a phpinfo.php on the web server/IP-address, (the web server that handles specific /reports folder.)
On “SERVER_ADDR” it shows the IP-address of the webserver.
How can I hide it?

Is it possible to make this IP-address to a “192.168.1.x” IP-address for example?
It’s a VPS, virtualization OpenVZ.


#10

This has nothing to do with haproxy at all.

You are in control of the webserver, to not show SERVER_ADDR, just don’t provide any publicly available script showing that variable, especially a phpinfo file.

But again, this is completely unrelated to haproxy.