Let’s have following backend configuration:
HAProxy version 2.4.24-0ubuntu0.22.04.1 2023/10/31 - https://haproxy.org/
backend back-test
http-request set-var(req.instance) hdr(X-Instance-Name)
http-request set-var(req.instance) urlp(instanceName) unless { var(req.instance) -m found }
# force-persist if { var(req.instance) -m str 1 2 } #1
# acl acl-force-persist var(req.instance) -m str 1 2 #2
acl acl-force-persist urlp(instanceName) -m str 1 2
acl acl-force-persist hdr(X-Push-Service-Instance-Name) -m str 1 2
force-persist if acl-force-persist
use-server srv-production-1 if { var(req.instance) -m str 1 }
use-server srv-production-2 if { var(req.instance) -m str 2 }
- The lines in comments don’t not work as expected (by me).
- The lines not in comments work correctly.
- The
use-serverstatement behaves correctly depending on threq.instancevariable value, thus I would hope, the inline ACL form is correct also as the variable definition and variable value extracted from header or url parameter at runtime. - The
http-requeststatement also behaves correctly using inline ACL with variable check predicate. - Unfortunately, when the same ACL form is used in
force-persist
statement, it behaves like there is alwaysFALSEprovided (line
#1). - Similarly for the ACL definition itself, it looks like the variable has no value (line
#2), so the ACL must be defined the more verbose/repetitive way (below).
What is wrong with the expectations on the commented lines?
- It is not “legal” to use inline ACL for some of the configuration statements?
- It is not “legal” to use request variables in ACL definition?