Sure, I think this is a standard solution, if someone else need it:
capture data in request stage (in Frontend or Backend): http-request set-var(txn.req_host) req.hdr(Host) -> capture header host part of the request in variable req_host1 (transaction scope) use data capture in request stage for the response stage (in Frontend or Backend): acl is_something var(txn.req_host) -i www.url1.com<http://www.url1.com> http-response set-header X-Frame-Options SAMEORIGIN if !is_something It is also possible to use capture.req… for some data (ex: capture.req.uri). I found no simple capture.req… solution for Host data. I suppose using “capture” and “vars” is the same for haproxy internals. [APK] [Unione] mlist APKAPPA s.r.l. sede legale Via F. Albani, 21 20149 Milano | p.iva/vat no. IT-08543640158 sede amministrativa e operativa Reggio Emilia (RE) via M. K. Gandhi, 24/A 42123 - sede operativa Magenta (MI) via Milano 89/91 20013 www.apkappa.it<http://www.apkappa.it> Ai sensi e per gli effetti della Legge sulla tutela della riservatezza personale (DL.gs. 196/03 e collegate), questa mail è destinata unicamente alle persone sopra indicate e le informazioni in essa contenute sono da considerarsi strettamente riservate. This email is confidential, do not use the contents for any purpose whatsoever nor disclose them to anyone else. If you are not the intended recipient, you should not copy, modify, distribute or take any action in reliance on it. If you have received this email in error, please notify the sender and delete this email from your system. -----Original Message----- From: Aleksandar Lazic <al-hapr...@none.at> Sent: lunedì 25 giugno 2018 11:40 To: mlist <ml...@apkappa.it>; 'Jarno Huuskonen' <jarno.huusko...@uef.fi> Cc: 'haproxy@formilux.org' <haproxy@formilux.org> Subject: Re: http-response add-header Hi. Am 25.06.2018 um 09:49 schrieb mlist: > You're right. Meanwhile I found a working version using set-vat on > http-request. It would be nice when you share the solution, here or in any blog post, Thank you > Thank you Best regards Aleks > *APKAPPA s.r.l. *sede legale Via F. Albani, 21 20149 Milano | p.iva/vat no. > IT-08543640158 > > sede amministrativa e operativa Reggio Emilia (RE) via M. K. Gandhi, 24/A > 42123 > - sede operativa Magenta (MI) via Milano 89/91 20013 > www.apkappa.it<http://www.apkappa.it> <http://www.apkappa.it> > > ** > > > > ** > > > Ai sensi e per gli effetti della Legge sulla tutela della riservatezza > personale > (DL.gs. 196/03 e collegate), questa mail è destinata unicamente alle persone > sopra indicate e le informazioni in essa contenute sono da considerarsi > strettamente riservate. > > This email is confidential, do not use the contents for any purpose whatsoever > nor disclose them to anyone else. If you are not the intended recipient, you > should not copy, modify, distribute or take any action in reliance on it. If > you > have received this email in error, please notify the sender and delete this > email from your system. > > > > > > > -----Original Message----- > From: Jarno Huuskonen <jarno.huusko...@uef.fi<mailto:jarno.huusko...@uef.fi>> > Sent: lunedì 25 giugno 2018 09:01 > To: mlist <ml...@apkappa.it<mailto:ml...@apkappa.it>> > Cc: 'haproxy@formilux.org' <haproxy@formilux.org<mailto:haproxy@formilux.org>> > Subject: Re: http-response add-header > > Hi, > > On Sat, Jun 23, mlist wrote: >> using this config no header is added to client from haproxy: >> >> acl is_test hdr_dom(host) -i www.url1.url2.com<http://www.url1.url2.com> >> >> http-response add-header X-Custom-Header YES if is_test > > Most likely the host header is not available for the http-response/acl. > > For example with this config: > frontend test_fe > bind ipv4@127.0.0.1:8080<mailto:ipv4@127.0.0.1:8080> > acl is_test hdr_dom(host) -i www.url1.url2.com<http://www.url1.url2.com> > http-response add-header X-Custom-Header YES if is_test > default_backend test_be > > backend test_be > http-request deny deny_status 200 > > haproxy complains: > [WARNING] 175/094858 (14971) : parsing [tmp_resp_header.conf:24] : acl > 'is_test' > will never match because it only involves keywords that are incompatible with > 'frontend http-response header rule' > > You can use captures / variables to "store" the host header: > https://www.haproxy.com/blog/whats-new-in-haproxy-1-6/ > > So for example: > frontend test_fe > bind ipv4@127.0.0.1:8080<mailto:ipv4@127.0.0.1:8080> > declare capture request len 64 > http-request capture req.hdr(Host) id 0 > acl is_test capture.req.hdr(0) -m beg -i > www.url1.url2.com<http://www.url1.url2.com> > http-response add-header X-Custom-Header YES if is_test > > -Jarno > > -- > Jarno Huuskonen >
