HAProxy community

How to allow http requests containing specific header name and value

I am trying to setup a haproxy where I want to check the request http header and allow the incoming requests only if they contain particular header name and value? How can I achieve that?

Basically in the below example, I am trying to filter out requests that contains header name “x-abc-seprotection”. Is this a correct configuration to achieve what I am trying to achieve?

acl allow_users req.hdr(x-abc-seprotection)
use_backend backend_servers if allow_users

No, req.hdr(x-abc-seprotection) is the content of the header, not a boolean of it’s presence.
use_backend is for backend selection, not for denying request.

I suggest:

acl forbidden_header hdr_cnt(x-abc-seprotection) eq 0
http-request deny if forbidden_header

Okay sure . Let me try that out.

Also, by “content of the header” do you mean the header value?

Now suppose if I wish to filter out requests by matching both the header name and value, in that case can I use req.hdr(x-abc-seprotection) to get the value of x-abc-seprotection?

Yes, I mean the header value.

Matching the value would look like this:
req.hdr(x-abc-seprotection) -m str HeaderValue

You can read more about this in the docs:
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7

great. Thanks.
I will try out your suggestion and let you know.

:slight_smile: