Re: using rsprep to change response status affects other ACL's

From: Jeremy Hinegardner <jeremy#hinegardner.org>
Date: Mon, 12 Jul 2010 09:10:06 -0600


Hi Willy,

On Sat, Jul 10, 2010 at 09:37:19AM +0200, Willy Tarreau wrote:
> Hi Jeremy,
>
> On Fri, Jul 09, 2010 at 03:55:53PM -0600, Jeremy Hinegardner wrote:
> > I just want to make sure that this is the expected behavior:
> >
> > [root#tt3 ~]# haproxy -v
> > HA-Proxy version 1.4.8 2010/06/16
> >
> > And the snippet of a config showing the behavior. If the response from
> > the server is a 404, we want to change the status to 555. If the status
> > is 555 add a Location header:
> >
> > frontend main *:80
> > default_backend site1
> >
> > backend site1
> > acl not_found status 404
> > acl bizzare_status status 555
> >
> > rspadd X-Wibble:\ bizzare if bizzare_status
> > rspadd X-Wibble:\ not_found if not_found
> >
> > rsprep ^HTTP/1.1\ 404\ (.*)$ HTTP/1.1\ 555\ Bizzare if not_found
> >
> >
> > server site1 127.0.0.1:81 check
> >
> > Curl session against a haproxy with the above config:
> >
> > % curl --verbose --silent http://tt3/foo.html > /dev/null
> > * About to connect() to tt3 port 80 (#0)
> > * Trying 10.10.12.17... connected
> > * Connected to tt3 (10.10.12.17) port 80 (#0)
> > > GET /foo.html HTTP/1.1
> > > User-Agent: curl/7.20.0 (i386-apple-darwin10.3.0) libcurl/7.20.0 OpenSSL/0.9.8n zlib/1.2.5 libidn/1.18
> > > Host: tt3
> > > Accept: */*
> > >
> > < HTTP/1.1 555 Bizzare
> > < Server: nginx/0.6.39
> > < Date: Fri, 09 Jul 2010 21:36:54 GMT
> > < Content-Type: text/html
> > < Content-Length: 3653
> > < Connection: close
> > < X-Wibble: bizzare
> > <
> > { [data not shown]
> > * Closing connection #0
> >
> > What this appears to show, is that both of the status based ACL's are
> > satisfied at different times. That is, it appears that the following happens:
> >
> > - request sent to site1 and site1 response with a 404
> > - at this point acl 'not_found' is true, which means that
> > acl 'bizzare_status' must be false
> > - rsprep changes the 404 response to a 555
> > - rspadd adds 'X-Wibble: bizzare' header, which means that
> > acl 'bizzare_status' was true
> >
> > I'm okay with this, and can work with it. I just want to make sure that this
> > is the expected behavior.
>
>
> Yes, I confirm this is how it works. reqadd/rspadd are processed last.
> That's the reason I'd like to add "inbound" and "outbound" processing,
> it would somewhat help for such border cases.
>

Thanks, this is good to know

-jeremy 

-- 
========================================================================
 Jeremy Hinegardner                              jeremy#hinegardner.org
Received on 2010/07/12 17:10

This archive was generated by hypermail 2.2.0 : 2010/07/12 17:15 CEST