I am trying to setup a haproxy where I want to check the request http header and allow the incoming requests only if they contain particular header name and value? How can I achieve that?
Basically in the below example, I am trying to filter out requests that contains header name “x-abc-seprotection”. Is this a correct configuration to achieve what I am trying to achieve?
acl allow_users req.hdr(x-abc-seprotection)
use_backend backend_servers if allow_users
No, req.hdr(x-abc-seprotection) is the content of the header, not a boolean of it’s presence.
use_backend is for backend selection, not for denying request.
I suggest:
acl forbidden_header hdr_cnt(x-abc-seprotection) eq 0
http-request deny if forbidden_headerOkay sure . Let me try that out.
Also, by “content of the header” do you mean the header value?
Now suppose if I wish to filter out requests by matching both the header name and value, in that case can I use req.hdr(x-abc-seprotection) to get the value of x-abc-seprotection?
Yes, I mean the header value.
Matching the value would look like this:
req.hdr(x-abc-seprotection) -m str HeaderValue
You can read more about this in the docs:
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7
great. Thanks.
I will try out your suggestion and let you know.
I have got an additional requirement above this.
User wants to filter based on header values only for certain URLs for ex: https://www.abc.com/xyz
For URLs which doesn’t have /xyz path, they should be allowed to pass without any header based filters.
How can we achieve this?
Please read the documentation.
It would be great if you could point me to the part in documentation where I could find an answer to my question.
The ACL section:
https://cbonte.github.io/haproxy-dconv/2.0/configuration.html#7