Re: Does reqrep work?
Thank you!
Will it work on 1.5.2?
Ul
10.03.2017, 17:26, "Cyril Bonté" :
>> De: "Ульянка Да"
>> À: "Michael Ezzell"
>> Cc: "HAproxy Mailing Lists"
>> Envoyé: Vendredi 10 Mars 2017 14:18:12
>> Objet: Re: Does reqrep work?
>>
>> Thank you!
>> I was too clever to append '/' at the end, without it reqrep works
>> fine.
>> But further I need not just rewrite but redirect it so that client
>> see rewritten URL:
>>
>> acl coll path_beg /ABC/collection/
>> reqrep ^([^\ :]*)\ /ABC/collection/(.*) \1\ /collection/collection_\2
>> redirect prefix / code 301 if coll
>>
>> It seems to me that it doesn't work, ie. browser still shows
>> /ABC/collection...
>
> Indeed, the acl is evaluated after you rewrote the URL, hence it doesn't
> match.
>
> You may prefer something like :
> acl coll path_beg /ABC/collection/
> http-request redirect location
> %[path,regsub(^/ABC/collection/,/collection/collection_)] if coll
>
> btw, haproxy 1.5.2 is quite old, you should plan an upgrade.
>
>> Ul
>>
>> 10.03.2017, 12:45, "Michael Ezzell" :
>>
>> On Mar 10, 2017 4:16 AM, "Ульянка Да" < dekap...@yandex.ru > wrote:
>>
>> Update:
>> reqrep changes requests, but harmfully, that results in error 400
>> (bad request).
>> How to debug the harm keeping in mind that traffic is SSLed?
>>
>> SSL isn't really relevant, because your incorrect rewrite is
>> corrupting the request *inside* HAProxy. The request never leaves
>> the proxy. What you need to remember is that you are rewriting a
>> line in a buffer that contains a raw HTTP request.
>>
>> reqrep ^([^\ :]*)\ /ABC/collection/(.*)/ \1\
>> /collection/collection_\2/
>>
>> You're overlooking the "[space]HTTP/1.x" at the end of the start
>> line.
>>
>> reqrep ^([^\ :]*)\ /ABC/collection/(.*)/(\ HTTP.+)$ \1\
>> /collection/collection_\2/\3
>>
>> Note that your expression as written also only works at all when the
>> path ends with a trailing slash, which may or may not be what you
>> really want. That behavior is preserved in my example.
>>
>> If you're using HAProxy 1.6 or later, there is a simpler solution to
>> use, which looks something like this:
>>
>> http-request set-path
>> %[path,regsub(^/ABC/collection/,/collection/collection/)] if {
>> path_beg /ABC/collection/ }
>>
>> This also differs from your example, since it does not require a
>> trailing slash in the path but would match and rewrite any path
>> beginning with the pattern shown.
Re: Does reqrep work?
Thank you!I was too clever to append '/' at the end, without it reqrep works fine.But further I need not just rewrite but redirect it so that client see rewritten URL: acl coll path_beg /ABC/collection/reqrep ^([^\ :]*)\ /ABC/collection/(.*) \1\ /collection/collection_\2redirect prefix / code 301 if coll It seems to me that it doesn't work, ie. browser still shows /ABC/collection... Ul10.03.2017, 12:45, "Michael Ezzell" :On Mar 10, 2017 4:16 AM, "Ульянка Да" <dekap...@yandex.ru> wrote:Update:
reqrep changes requests, but harmfully, that results in error 400 (bad request).
How to debug the harm keeping in mind that traffic is SSLed?SSL isn't really relevant, because your incorrect rewrite is corrupting the request *inside* HAProxy. The request never leaves the proxy. What you need to remember is that you are rewriting a line in a buffer that contains a raw HTTP request.reqrep ^([^\ :]*)\ /ABC/collection/(.*)/ \1\ /collection/collection_\2/You're overlooking the "[space]HTTP/1.x" at the end of the start line.reqrep ^([^\ :]*)\ /ABC/collection/(.*)/(\ HTTP.+)$ \1\ /collection/collection_\2/\3Note that your _expression_ as written also only works at all when the path ends with a trailing slash, which may or may not be what you really want. That behavior is preserved in my example.If you're using HAProxy 1.6 or later, there is a simpler solution to use, which looks something like this:http-request set-path %[path,regsub(^/ABC/collection/,/collection/collection/)] if { path_beg /ABC/collection/ }This also differs from your example, since it does not require a trailing slash in the path but would match and rewrite any path beginning with the pattern shown.
Re: Does reqrep work?
Update: reqrep changes requests, but harmfully, that results in error 400 (bad request). How to debug the harm keeping in mind that traffic is SSLed? Ul 09.03.2017, 17:34, "Ульянка Да" : > Hi, > > I wonder if reqrep works? > I need to replace request /ABC/collection/XXX/ to /collection/collection_XXX/ > So I have the following line in my haproxy.cfg: > > reqrep ^([^\ :]*)\ /ABC/collection/(.*)/ \1\ /collection/collection_\2/ > > But instead of substitution I got nothing but error 400: > > Mar 9 17:12:46 localhost haproxy[16670]: 185.94.108.37:41710 > [09/Mar/2017:17:12:46.373] fe~ be/srv1 518/0/0/1/519 400 2764 - - > 446/432/26/13/0 0/0 "GET /ABC/collection/1592/ HTTP/1.1" > > What is wrong, please? > > haproxy -vv: > > HA-Proxy version 1.5.2 2014/07/12 > Copyright 2000-2014 Willy Tarreau > > Build options : > TARGET = linux2628 > CPU = generic > CC = gcc > CFLAGS = -O2 -g -fno-strict-aliasing > OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 > USE_PCRE=1 > > Default settings : > maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 > > Encrypted password support via crypt(3): yes > Built with zlib version : 1.2.3 > Compression algorithms supported : identity, deflate, gzip > Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 > Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 > OpenSSL library supports TLS extensions : yes > OpenSSL library supports SNI : yes > OpenSSL library supports prefer-server-ciphers : yes > Built with PCRE version : 7.8 2008-09-05 > PCRE library supports JIT : no (USE_PCRE_JIT not set) > Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT > IP_FREEBIND > > Available polling systems : > epoll : pref=300, test result OK > poll : pref=200, test result OK > select : pref=150, test result OK > Total: 3 (3 usable), will use epoll.
Does reqrep work?
Hi, I wonder if reqrep works? I need to replace request /ABC/collection/XXX/ to /collection/collection_XXX/ So I have the following line in my haproxy.cfg: reqrep ^([^\ :]*)\ /ABC/collection/(.*)/ \1\ /collection/collection_\2/ But instead of substitution I got nothing but error 400: Mar 9 17:12:46 localhost haproxy[16670]: 185.94.108.37:41710 [09/Mar/2017:17:12:46.373] fe~ be/srv1 518/0/0/1/519 400 2764 - - 446/432/26/13/0 0/0 "GET /ABC/collection/1592/ HTTP/1.1" What is wrong, please? haproxy -vv: HA-Proxy version 1.5.2 2014/07/12 Copyright 2000-2014 Willy Tarreau Build options : TARGET = linux2628 CPU = generic CC = gcc CFLAGS = -O2 -g -fno-strict-aliasing OPTIONS = USE_LINUX_TPROXY=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_PCRE=1 Default settings : maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200 Encrypted password support via crypt(3): yes Built with zlib version : 1.2.3 Compression algorithms supported : identity, deflate, gzip Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013 OpenSSL library supports TLS extensions : yes OpenSSL library supports SNI : yes OpenSSL library supports prefer-server-ciphers : yes Built with PCRE version : 7.8 2008-09-05 PCRE library supports JIT : no (USE_PCRE_JIT not set) Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND Available polling systems : epoll : pref=300, test result OK poll : pref=200, test result OK select : pref=150, test result OK Total: 3 (3 usable), will use epoll.
