Hi,
I would like to add conditional https rewrite to my configuration.
Is there a way to “reconcile” these two things ?
acl acl_tst hdr(host) test-site.domain.com
http-request add-header X-Forwarded-Proto https if { ssl_fc }
WORKING
http-request redirect scheme https if !{ hdr(Host) -i test-site.domain.com } !{ ssl_fc }
#SYNTAX ERROR
http-request redirect scheme https if !{ acl_tst } !{ ssl_fc }
I would like to declare the ACL once and use it everywhere, but is it only possible ?
Regards
http-request redirect scheme https if ! acl_tst !{ ssl_fc }
Damn, so easy !
Thank you very much
Reason is: you can reference an ACL directly just by name ( if acl_test
). However when you don’t have an named ACL, but want to directly match something, you use anonymous ACL’s, which you open and close with the { }
signs ( if { hdr(host) test-site.domain.com }
). That’s the difference.
Thanks for this great explanation.
So { } is for a fetch, and “ssl_fc” is one, as is “hdr(host) test-site.domain.com”
but nothing is required for a named ACL.
Could be a fetch, but really any ACL expression you’d otherwise use in the named ACL.