Http-request redirect and ACL

spfma.tech · March 25, 2021, 8:49am

Hi,

I would like to add conditional https rewrite to my configuration.

Is there a way to “reconcile” these two things ?

acl acl_tst hdr(host) test-site.domain.com
http-request add-header X-Forwarded-Proto https if { ssl_fc }

WORKING

http-request redirect scheme https if !{ hdr(Host) -i test-site.domain.com } !{ ssl_fc }

#SYNTAX ERROR
http-request redirect scheme https if !{ acl_tst } !{ ssl_fc }

I would like to declare the ACL once and use it everywhere, but is it only possible ?

Regards

lukastribus · March 25, 2021, 12:31pm

http-request redirect scheme https if ! acl_tst  !{ ssl_fc }

spfma.tech · March 25, 2021, 1:07pm

Damn, so easy !
Thank you very much

lukastribus · March 25, 2021, 2:16pm

Reason is: you can reference an ACL directly just by name ( if acl_test ). However when you don’t have an named ACL, but want to directly match something, you use anonymous ACL’s, which you open and close with the { } signs ( if { hdr(host) test-site.domain.com } ). That’s the difference.

spfma.tech · March 25, 2021, 2:21pm

Thanks for this great explanation.

So { } is for a fetch, and “ssl_fc” is one, as is “hdr(host) test-site.domain.com”
but nothing is required for a named ACL.

lukastribus · March 25, 2021, 2:24pm

Could be a fetch, but really any ACL expression you’d otherwise use in the named ACL.

Topic		Replies	Views
Redirect scheme https unless ssl_fc \|\| map -m found Help!	2	874	December 12, 2018
ACL condition with AND Help!	10	40200	November 7, 2018
SSL Redirect - Chained Proxies via Proxy Protocol Help!	2	484	July 3, 2020
Configuration and conditionals Help!	3	786	July 18, 2019
Redirecting to new URL Help!	0	872	July 28, 2016

Http-request redirect and ACL

WORKING

Related Topics