Identifying and Redirecting Traffic Based on User-Agent Header in HAProxy

Hello HAProxy Community,

I’m using HAProxy for my Pfsense and traffic management needs, but I’m facing a challenge when it comes to identifying and redirecting traffic based on the User-Agent header. Specifically, I want to route traffic from a specific device, the Newland NFT10 scanner, to a separate backend server based on its User-Agent header.

Here are the details of my setup:

• HAProxy devel version: 0.62_13
• pfsense 2.7.0

I have tried configuring ACLs in a specific backend in HAProxy, but it seems that the available options for ACL expressions don’t directly support matching the User-Agent header.

(the list of expressions:
host_starts_with
host_ends_with
host_matches
host_regex
host_contains
path_starts_with
path_ends_with
path_matches
path_regex
path_contains
path_dir
url_parameter
ssl_c_verify_code
ssl_c_verify
ssl_c_ca_commonname
source_ip
backendservercount
traffic_is_http
traffic_is_ssl
ssl_sni_matches
ssl_sni_contains
ssl_sni_starts_with
ssl_sni_ends_with
ssl_sni_regex
custom)

I would greatly appreciate any guidance or suggestions on how to achieve this specific use case. Is there a way to match and redirect traffic based on the User-Agent header.

User-Agent is a HTTP header, and to access a full http header you use the req.fhdr fetch.

I’m still a bit confused, and I apologize for my inexperience.

Expression list:

image186×574 4.85 KB

image1136×473 23.8 KB

image228×825 7.43 KB

I wonder, what I should fill in. This is what I have, or I think it should work:

image851×371 23 KB

I’m sorry, I have no idea how that Pfsense webinterface abstraction works and how you need to configure it.

You’d have to reach out to the pfsense community.