Http-request redirect and ACL

spfma.tech · March 25, 2021, 8:49am

Hi,

I would like to add conditional https rewrite to my configuration.

Is there a way to “reconcile” these two things ?

acl acl_tst hdr(host) test-site.domain.com
http-request add-header X-Forwarded-Proto https if { ssl_fc }

WORKING

http-request redirect scheme https if !{ hdr(Host) -i test-site.domain.com } !{ ssl_fc }

#SYNTAX ERROR
http-request redirect scheme https if !{ acl_tst } !{ ssl_fc }

I would like to declare the ACL once and use it everywhere, but is it only possible ?

Regards

lukastribus · March 25, 2021, 12:31pm

http-request redirect scheme https if ! acl_tst  !{ ssl_fc }

spfma.tech · March 25, 2021, 1:07pm

Damn, so easy !
Thank you very much

lukastribus · March 25, 2021, 2:16pm

Reason is: you can reference an ACL directly just by name ( if acl_test ). However when you don’t have an named ACL, but want to directly match something, you use anonymous ACL’s, which you open and close with the { } signs ( if { hdr(host) test-site.domain.com } ). That’s the difference.

spfma.tech · March 25, 2021, 2:21pm

Thanks for this great explanation.

So { } is for a fetch, and “ssl_fc” is one, as is “hdr(host) test-site.domain.com”
but nothing is required for a named ACL.

lukastribus · March 25, 2021, 2:24pm

Could be a fetch, but really any ACL expression you’d otherwise use in the named ACL.

Topic		Replies	Views
ACL condition with AND Help!	10	36734	November 7, 2018
Configuration and conditionals Help!	3	576	July 18, 2019
URL redirect with acl Help!	1	612	July 16, 2021
I have a HTTPS server and want to redirect the specific request based on the URL to my Backend server Help!	7	18676	April 13, 2018
Redirect all requests without a path Help!	2	333	October 25, 2023

Http-request redirect and ACL

WORKING

Related Topics