Problem with ACL routing

Pavlo · June 9, 2023, 2:20pm

I created a simple config for tests.

frontend main-api
  mode http
  option httplog
  bind *:8080
  option forwardfor
  acl prod hdr(host) -i api-bcf-prod.<domain>
  acl tst hdr(host) -i api-bcf-tst.<domain>

#PROD Env
  use_backend main-api-prod if prod

#TST Env
  use_backend main-api-tst if tst

#  default_backend main-api-prod

backend main-api-prod
  mode http
  option httplog
  option forwardfor
  server main-api-prod bcf-lb-prod.service.consul:80 check inter 5s rise 5 fall 5

backend main-api-tst
  mode http
  option httplog
  option forwardfor
  server main-api-tst bcf-lb-prod.service.consul:81 check inter 5s rise 5 fall 5

where “domain” - this is public domain
when i trying to connect
curl http://api-bcf-prod.“domain”:8080 or
curl http://api-bcf-tst.“domain”:8080
i get error -

<html><body><h1>503 Service Unavailable</h1>
No server is available to handle this request.
</body></html>

If i set

default_backend main-api-prod

i can get only main-api-prod in both request’s.

lukastribus · June 9, 2023, 2:27pm

If you specify a non standard port, your host header will be non-standard too.

$ curl -v 10.0.0.25:1880
*   Trying 10.0.0.25:1880...
* Connected to 10.0.0.25 (10.0.0.25) port 1880 (#0)
> GET / HTTP/1.1
> Host: 10.0.0.25:1880
> User-Agent: curl/8.0.1
> Accept: */*

Include the port in the ACL statement, or use something like -m beg to only match the first part of the host header.

Pavlo · June 10, 2023, 8:50am

Great and simple! Thanks a lot.

Topic		Replies	Views
Default server/backend for requests do not match ACLs Help!	8	4780	May 17, 2016
TCP with ACL possible? Help!	5	15371	July 4, 2021
Combination of path_beg and hdr not working Help!	2	2642	February 3, 2019
TCP mode ACL does not kick in Help!	5	337	August 16, 2021
Acl hdr(host) seem to be not working , How to debug? Help!	0	3514	June 14, 2018

Problem with ACL routing

Related Topics