Http-request redirect and ACL

spfma.tech · March 25, 2021, 8:49am

Hi,

I would like to add conditional https rewrite to my configuration.

Is there a way to “reconcile” these two things ?

acl acl_tst hdr(host) test-site.domain.com
http-request add-header X-Forwarded-Proto https if { ssl_fc }

WORKING

http-request redirect scheme https if !{ hdr(Host) -i test-site.domain.com } !{ ssl_fc }

#SYNTAX ERROR
http-request redirect scheme https if !{ acl_tst } !{ ssl_fc }

I would like to declare the ACL once and use it everywhere, but is it only possible ?

Regards

lukastribus · March 25, 2021, 12:31pm

http-request redirect scheme https if ! acl_tst  !{ ssl_fc }

spfma.tech · March 25, 2021, 1:07pm

Damn, so easy !
Thank you very much

lukastribus · March 25, 2021, 2:16pm

Reason is: you can reference an ACL directly just by name ( if acl_test ). However when you don’t have an named ACL, but want to directly match something, you use anonymous ACL’s, which you open and close with the { } signs ( if { hdr(host) test-site.domain.com } ). That’s the difference.

spfma.tech · March 25, 2021, 2:21pm

Thanks for this great explanation.

So { } is for a fetch, and “ssl_fc” is one, as is “hdr(host) test-site.domain.com”
but nothing is required for a named ACL.

lukastribus · March 25, 2021, 2:24pm

Could be a fetch, but really any ACL expression you’d otherwise use in the named ACL.

Topic		Replies	Views
Redirect scheme https unless ssl_fc \|\| map -m found Help!	2	887	December 12, 2018
Redirect URI: how to define exakt match, no pattern Help!	2	986	July 26, 2016
Check old path using ACL after replacing it Help!	6	986	April 12, 2019
Help building an ACL Help!	0	588	January 23, 2017
ACL HTTP always returns false Help!	0	1224	February 17, 2016

Http-request redirect and ACL

WORKING

Related topics