RE: Matching URLs at layer 7

From: Andrew Commons <andrew.commons#bigpond.com>
Date: Wed, 28 Apr 2010 19:12:40 +0930


Hi Beni,

Thank for responding :-)

The doco states that:

url_beg <string>
  Returns true when the URL begins with one of the strings. This can be used to   check whether a URL begins with a slash or with a protocol scheme.

So I'm assuming that "protocol scheme" means http:// or ftp:// or whatever....

Other parts of the documentation state that:

url_ip <ip_address>
  Applies to the IP address specified in the absolute URI in an HTTP request.   It can be used to prevent access to certain resources such as local network.   It is useful with option "http_proxy".

url_port <integer>
  Applies to the port specified in the absolute URI in an HTTP request. It can   be used to prevent access to certain resources. It is useful with option   "http_proxy". Note that if the port is not specified in the request, port 80   is assumed.

So I've been assuming that anything starting with url_ refers to the whole user supplied string parameters and all...

This seems to be reinforced (I think!) by:

url_dom <string>
  Returns true when one of the strings is found isolated or delimited with dots   in the URL. This is used to perform domain name matching without the risk of   wrong match due to colliding prefixes. See also "url_sub".

Which sure looks like the host portion to me!

If I'm suffering from a bit of 'brain fade' here just set me on the right road :-) If the url_ criteria have different interpretations in terms of what the 'url' is then let's find out what these are!

Cheers
Andrew

-----Original Message-----
From: myselph#gmail.com [mailto:myselph#gmail.com] On Behalf Of Benedikt Fraunhofer Sent: Wednesday, 28 April 2010 6:23 PM
To: Andrew Commons
Cc: haproxy#formilux.org
Subject: Re: Matching URLs at layer 7

Hi *,

2010/4/28 Andrew Commons <andrew.commons#bigpond.com>:
> acl xxx_url url_beg -i http://xxx.example.com
> acl xxx_url url_sub -i xxx.example.com
> acl xxx_url url_dom -i xxx.example.com

The Url is the part of the URI without the host :) A http request looks like

 GET /index.html HTTP/1.0
 Host: www.example.com

so you can't use url_beg to match on the host unless you somehow construct your urls to look like
 http://www.example.com/www.example.com/ but don't do that :)

so what you want is something like chaining acl xxx_host hdr(Host) ....
acl xxx_urlbe1 url_begin /toBE1/
use_backend BE1 if xxx_host xxx_urlbe1
?

Cheers

  Beni. Received on 2010/04/28 11:42

This archive was generated by hypermail 2.2.0 : 2010/04/28 11:45 CEST