Hello,

So I’m attempting to implement an http proxy using the relay rules of
relayd. The scenario that we have is that there are several boxes
behind a firewall, all of which have different sites on them.
The firewall terminates HTTP connections in relay and passes the
request on to the relevant box based on the Host header in
the request.

So for example an http request to foo might be relayed to box1,
bar to box2 and baz to box3.

Our prototype was fairly successful, using a degree of * in the value
field for Host header, however we have come across some puzzling
behaviour.

When querying foo, we get the correct output from the foo server.
When querying bar or baz, we only get output from the baz server.

Initially we had a more convoluted configuration, but progressively as
things failed to behave we stripped out more and more, until we ended
up with the current file that looks like the one below (no points for
pointing out the fact that these dns records are nonsense values - all
our test queries are being made direct by IPs, and we are still getting
the same results)


Our relayd.conf as our proof of concept looks like this:

table <foo> { 192.168.2.40 }
table <bar> { 192.168.2.45 }
table <baz> { 10.128.2.3 }

http protocol 'web' {
        match request quick header 'Host' value 'foo' forward to <foo>
        match request quick header 'Host' value 'bar' forward to <bar>
        match request quick header 'Host' value 'baz' forward to <baz>
}

relay 'extip_plain' {
        listen on <ext_ip_redacted> port 80
        protocol 'web'
        forward to <baz> port 80
        forward to <bar> port 80
        forward to <foo> port 80
}


$telnet ext_ip 80
Trying ext_ip ...
Connected to ext_ip.
Escape character is '^]'.
GET / HTTP/1.1
Host: foo

HTTP/1.1 200
<response from foo>

telnet ext_ip 80
Trying ext_ip...
Connected to ext_ip
Escape character is '^]'.
GET / HTTP/1.1
Host: bar

HTTP/1.1 200
<response from bar>

telnet ext_ip 80
Trying ext_ip...
Connected to ext_ip.
Escape character is '^]'.
GET / HTTP/1.1
Host: baz


HTTP/1.1 200
<response from _bar_>


Having had a good search and read through of anything I can
get my hands on related to this on the internet, I have been
surprised to find that there isn't a great deal of relevant
documentation out there - which is possibly why we are getting
stumped.

Any suggestions on what we are doing wrong would be greatly
received.


--


Stuart Harland
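A small Python script, added here as an example (it is not part of the message above and does not use any relayd code), that makes the telnet checks in the post repeatable. It re-states the three `match request quick header 'Host' value ...` rules as an exact, case-insensitive comparison on the `Host` header, reports which table each request should select, and can probe a live relay so the expected table and the backend that actually answered are printed side by side. Two things are assumptions of this example rather than facts about relayd: that an unmatched request falls through to the first `forward to` in the relay block (`<baz>` in the quoted config), and that a `:port` suffix on the Host value is stripped before comparing. The relay address is a placeholder passed on the command line.

```python
"""Host-header routing check for the relayd.conf quoted in the post.

Added example, not code from the original message or from relayd.
It models the three 'match request quick header "Host" value ...' rules
as exact, case-insensitive matches, shows which table each request
should select, and can probe a live relay so expected and observed
backends can be compared side by side.
"""
import http.client
import re

# Tables copied from the post's relayd.conf.
TABLES = {
    "foo": ["192.168.2.40"],
    "bar": ["192.168.2.45"],
    "baz": ["10.128.2.3"],
}

# (Host value, table) in rule order, mirroring the three match rules.
RULES = [("foo", "foo"), ("bar", "bar"), ("baz", "baz")]

# First 'forward to' in the post's relay block. Assumed here to be where
# an unmatched request ends up; this is an assumption of the example.
DEFAULT_TABLE = "baz"


def parse_request(raw: bytes) -> tuple[str, str, dict[str, str]]:
    """Split a raw HTTP/1.x request head into (method, target, headers).

    Header names are lower-cased so the lookup is case-insensitive, and a
    repeated header keeps its first value so a second copy appended to the
    request cannot flip the routing decision.
    """
    text = raw.decode("iso-8859-1")
    head = re.split(r"\r?\n\r?\n", text, maxsplit=1)[0]
    lines = head.splitlines()
    method, target, _version = lines[0].split(" ", 2)
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line; ignore it
        headers.setdefault(name.strip().lower(), value.strip())
    return method, target, headers


def select_table(raw: bytes) -> str:
    """Return the table the post's rules should forward this request to."""
    _, _, headers = parse_request(raw)
    # Drop an optional :port suffix and compare case-insensitively. This is
    # how this example matches (an assumption), not a statement about how
    # relayd compares header values.
    host = headers.get("host", "").split(":", 1)[0].strip().lower()
    for value, table in RULES:
        if host == value:
            return table
    return DEFAULT_TABLE


def probe(relay_ip: str, host: str, port: int = 80,
          timeout: float = 5.0) -> tuple[int, bytes]:
    """Send 'GET /' through the relay with the given Host header.

    Returns (status, first 200 bytes of body) so the caller can fingerprint
    which backend actually answered. Needs network access; everything else
    in this file runs offline.
    """
    conn = http.client.HTTPConnection(relay_ip, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers={"Host": host, "Connection": "close"})
        resp = conn.getresponse()
        return resp.status, resp.read(200)
    finally:
        conn.close()


def expected_vs_observed(relay_ip: str) -> list[tuple[str, str, int, bytes]]:
    """For each rule, record (host, expected table, status, body sample)."""
    results = []
    for host, _ in RULES:
        raw = f"GET / HTTP/1.1\r\nHost: {host}\r\n\r\n".encode()
        status, body = probe(relay_ip, host)
        results.append((host, select_table(raw), status, body))
    return results


if __name__ == "__main__":
    import sys
    # Usage: python3 relaycheck.py <relay_ip>   (relay_ip is a placeholder)
    for host, expected, status, body in expected_vs_observed(sys.argv[1]):
        print(f"Host: {host:<4} expected <{expected}>  got {status} {body[:60]!r}")
```

Run it against the relay's external address and compare the `expected` column with the body sample from each backend; a request whose Host value matches a rule but whose body comes from a different table is the symptom the post describes, and having the expected table printed next to it makes the mismatch obvious when the relay config is changed and the check is re-run.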
