HTTP Response Body Inspection and matching string in acl

praveenkumar.2608 · July 7, 2020, 2:09pm

Hi,

I am terminating the SSL in haproxy and send the request received to backend server which is again running on https.

I want to inspect the payload on every response received from backend server and match a particular string in payload, if match I want to drop that response.

I have following configuration on my backend

backend events
mode http
option forwardfor
option http-buffer-request
tcp-response inspect-delay 5s
acl payloadmatch res.payload(0,100000) -m bin 7072617665656e
# acl payloadmatch res.payload(0,100000),hex -m sub 7072617665656e
http-response deny if payloadmatch
server events management.xxxyyy.com:443 check ssl verify none

But the above configuration is not working, still I am getting response instead of denying it.

lukastribus · July 7, 2020, 8:47pm

You can’t, this is not supported.

praveenkumar.2608 · July 8, 2020, 2:51am

As per configuration document, res.payload(offset, length) option is available. Could you please let me know is there any option available to match a string in the response body.

lukastribus · July 8, 2020, 6:54am

And res.payload looks at a specific, static offset in the buffer, which is why it doesn’t work for this purpose.

I don’t have a suggestion for you, because this cannot be done with vanilla haproxy features. Now if you want to write a custom SPOE agent or a LUA script, that could probably achieve something like this. But I don’t have any ready-for-use solutions for you.

Topic		Replies	Views
Haproxy Scan Response Body Help!	0	351	July 23, 2019
Matching TCP payloads is not working Help!	4	2959	November 27, 2019
Query string not matching in ACL Help!	1	2177	February 22, 2017
Cannot configure ACL Help!	2	582	June 27, 2019
Redirect to backend comparing requests and host in a file Help!	4	1043	May 3, 2022

HTTP Response Body Inspection and matching string in acl

Related Topics