Hi, Thx for your help.
But now I’ve an other issue. When we put on a bottom in form, the url is : http://foo.domain.com:42/index.htm. I want rewrite url like this : http://foo.domain.com/index.htm For this operation, I use the function rspirep in backend (LB) rspirep ^Location:\ (.*):30200(.*) Location:\ \1\2 But without success. Cordialement, -- Thibault Labrut enioka 24 galerie Saint-Marc 75002 Paris +33 615 700 935 +33 144 618 314 De : Thierry <t...@thierry.1s.fr> Date : jeudi 11 juin 2015 17:21 À : Thibault Labrut <thibault.lab...@enioka.com> Cc : "haproxy@formilux.org" <haproxy@formilux.org> Objet : Re: Need help about ACLs settings On Thu, 11 Jun 2015 16:51:14 +0200 Thibault Labrut <thibault.lab...@enioka.com> wrote: > Hi Thierry, > > If I understand your propsition, my settings shourld be like this : You must add "option forwardfor" in the RP frontend. Thierry > > RP settings (no change) > > # Frontend > frontend http_test > bind xx.xx.xx.xx:42 > capture request header Host len 200 > > # ACL > acl acl_test src 12.34.56.78 (IP client) > use_backend test if acl_test > > # Backend > backend test > server srv_ test test.maycompany.local:42 check > > > LB settings > # Frontend > frontend http_test > bind xx.xx.xx.xx:42 > capture request header Host len 200 > > # ACL (new acl setting) > acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78 > use_backend test if acl_test > > # Backend > backend test > balance roundrobin > server test01 xx.xx.xx.xx:42 check > server test02 xx.xx.xx.xx:42 check > > Thibault Labrut. > > De : Thierry FOURNIER <tfourn...@haproxy.com> > Date : jeudi 11 juin 2015 11:56 > À : Thibault Labrut <t.lab...@pickup-services.com> > Cc : "haproxy@formilux.org" <haproxy@formilux.org> > Objet : Re: Need help about ACLs settings > > On Thu, 11 Jun 2015 09:06:43 +0000 > Thibault LABRUT <t.lab...@pickup-services.com> wrote: > >> > Hello, >> > >> > I¹m going to install HA Proxy. >> > >> > My architecture is as folows : >> > - 2 servers in DMZ => reverse proxy (RP) >> > - 2 servers in LAN => Load balancing (LB) >> > >> > Several applications contact RP with different IP adress but with always de >> > same port. >> > >> > With the settings as below the connection is up : >> > >> > RP settings >> > >> > # Frontend >> > frontend http_test >> > bind xx.xx.xx.xx:42 >> > capture request header Host len 200 >> > default_backend test >> > >> > # Backend >> > backend test >> > server srv_ test test.maycompany.local:42 check >> > >> > LB settings >> > >> > # Frontend >> > frontend http_test >> > bind xx.xx.xx.xx:42 >> > capture request header Host len 200 >> > default_backend test >> > >> > # Backend >> > backend test >> > balance roundrobin >> > server test01 xx.xx.xx.xx:42 check >> > server test02 xx.xx.xx.xx:42 check >> > >> > But in this case the connection is down : >> > >> > # Frontend >> > frontend http_test >> > bind xx.xx.xx.xx:42 >> > capture request header Host len 200 >> > >> > # ACL >> > acl acl_test src 12.34.56.78 (IP client) >> > use_backend test if acl_test >> > >> > # Backend >> > backend test >> > server srv_ test test.maycompany.local:42 check >> > >> > LB settings >> > >> > # Frontend >> > frontend http_test >> > bind xx.xx.xx.xx:42 >> > capture request header Host len 200 >> > >> > # ACL >> > acl acl_test src 12.34.56.78 >> > use_backend test if acl_test >> > >> > # Backend >> > backend test >> > balance roundrobin >> > server test01 xx.xx.xx.xx:42 check >> > server test02 xx.xx.xx.xx:42 check >> > >> > Can you say me what is the problem with my settings? >> > > > > Hi, > > If I understand, you have two HAProxy chained, RP is in front and LB is > in back. > > In this case, the connexions received by the LB load balancer cannot > known the original IP source, because the connexions are established by > the LB load balancer with its own IP. > > You can use the header "x-forwarded-for" for string the original ip > source. The directive is "option forwardfor". On the LB HAProxy, you > can use a sample taht returns the content of the header > x-forwarded-for, like this: > > acl acl_test fhdr(x-forwarded-for) -m ipv4 12.34.56.78 > > best regards > Thierry > > >> > Best Regards, >> > >> > Thibault Labrut. > > >
