Willy, thanks for the reply. I don't think that "-i" had anything to do
with it as I have many ACLs any only two (one good, one erroneous) hosts
that I know of were getting matched and routed to these servers. I was
using curl to test so I don't think capitalization was an issue there.
I'll see if I can reproduce the scenario and let you know what I can find.
-Joe
On 4/23/10 12:16 PM, Willy Tarreau wrote:
> Hi Joe,
>
> On Fri, Apr 23, 2010 at 09:26:56AM -0700, Joe Williams wrote:
>
>> We had a case this morning where an ACL using hdr_beg(host) was matching
>> an host header that didn't actually match afaict.
>>
>> Example:
>>
>> Requests to http://xyz.blah.com and http://abc.blah.com both were
>> getting routed based on the following ACL when only one should have been.
>>
>> acl xyz hdr_beg(host) xyz. or xyz1.
>>
>> After changing the ACL to the following everything worked as expected.
>>
>> acl xyz hdr(host) -i xyz.blah.com
>>
> Are you sure it's the hdr_beg() and not the "-i" which made the difference ?
> Internet host names are case insensitive, so it is possible that your request
> was sent with some upper cases which were not matched by the first line above
> but was OK by the second one.
>
>
>> I am running haproxy 1.3.23 and will also mention my haproxy
>> configuration is *very* large (hundreds of backends and ACLs), if that
>> could have anything to do with it.
>>
> That's unrelated. If you told me that removing one line changed anything
> I could have doubted, but here you just replaced one ACL match with another
> one, so it's not a matter of size. BTW, this week I received a config with
> 52000 ACLs and as many use_backend rules. The only thing I know about it
> was that it was said to be too slow where it was used.
>
> Regards,
> Willy
>
>
-- Name: Joseph A. Williams Email: joe#joetify.com Blog: http://www.joeandmotorboat.com/Received on 2010/04/23 22:38
This archive was generated by hypermail 2.2.0 : 2010/04/23 22:45 CEST