Hello,

So I'm attempting to implement an HTTP proxy using the relay rules of relayd. The scenario that we have is that there are several boxes behind a firewall, all of which have different sites on them. The firewall terminates HTTP connections in relay and passes the request on to the relevant box based on the Host header in the request.
So for example an HTTP request to foo might be relayed to box1, bar to box 2 and baz to box3. Our prototype was fairly successful, using a degree of * in the value field for Host header, however we have come across some puzzling behaviour. When querying foo, we get the correct output from the foo server. When querying bar or baz, we only get output from the baz server.

Initially we had a more convoluted configuration, but progressively as things failed to behave we stripped out more and more, until we ended up with the current file that looks like the one below (no points for pointing out the fact that these DNS records are nonsense values - all our test queries are being made direct by IPs, and we are still getting the same results).

Our relayd.conf as our proof of concept looks like this:

    table <foo> { 192.168.2.40 }
    table <bar> { 192.168.2.45 }
    table <baz> { 10.128.2.3 }

    http protocol 'web' {
        match request quick header 'Host' value 'foo' forward to <foo>
        match request quick header 'Host' value 'bar' forward to <bar>
        match request quick header 'Host' value 'baz' forward to <baz>
    }

    relay 'extip_plain' {
        listen on <ext_ip_redacted> port 80
        protocol 'web'
        forward to <baz> port 80
        forward to <bar> port 80
        forward to <foo> port 80
    }

    $ telnet ext_ip 80
    Trying ext_ip ...
    Connected to ext_ip.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: foo

    HTTP/1.1 200
    <response from foo>

    telnet ext_ip 80
    Trying ext_ip...
    Connected to ext_ip
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: bar

    HTTP/1.1 200
    <response from bar>

    telnet ext_ip 80
    Trying ext_ip...
    Connected to ext_ip.
    Escape character is '^]'.
    GET / HTTP/1.1
    Host: baz

    HTTP/1.1 200
    <response from _bar_>

Having had a good search and read through of anything I can get my hands on related to this on the internet, I have been surprised to find that there isn't a great deal of relevant documentation out there - which is possibly why we are getting stumped.

Any suggestions on what we are doing wrong would be greatly received.

-- Stuart Harland