Netgate SG-1000 microFirewall

Author Topic: [Solved] Can't get ACL to match on Haproxy  (Read 873 times)

0 Members and 1 Guest are viewing this topic.

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
[Solved] Can't get ACL to match on Haproxy
« on: February 01, 2016, 01:31:49 pm »
I'm have an issue getting an ACL to work.

I've tried using Host Matches and Host Contains

The domain I'm testing with is: http://psho.co:8080/ (or http://psho.co:8080/radio/) and I have a second domain also pointed at that server which shows the same page.
Both show 503.

I'm attaching a screenshot of the settings

Now, if I check the "NOT" box to invert the match on the ACL, http://psho.co:8080/ shows the intended page, however, do does the completely different domain I also have pointed to it.

I can't figure out what I'm doing wrong here.

Addititionally, I ran a packet capture to verify that the host is set correctly in the requests and it's requesting
Code: [Select]
GET /radio/ HTTP/1.1
Host: psho.co:8080
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:43.0) Gecko/20100101 Firefox/43.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Cache-Control: max-age=0

So I'm not sure what I'm doing wrong.

(I'm using the Devel package which says it's actually 1.6 stable)
« Last Edit: February 01, 2016, 03:10:05 pm by Trel »

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: [Solved] Can't get ACL to match on Haproxy
« Reply #1 on: February 01, 2016, 03:10:51 pm »
I don't know why host contains fails, but with host matches, psho.co:8080 works.

Offline PiBa

  • Hero Member
  • *****
  • Posts: 869
  • Karma: +140/-1
  • PiBa-NL(on IRC)
    • View Profile
Re: [Solved] Can't get ACL to match on Haproxy
« Reply #2 on: February 01, 2016, 05:02:10 pm »
Looks like a bug.. I'm writing hdr_dir in the config, that should of course been hdr_sub..  :o
Will fix that soon in a new version.

p.s. If you find other 'wierd' behavior let me know :).

Regards,
PiBa-NL

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile
Re: [Solved] Can't get ACL to match on Haproxy
« Reply #3 on: May 09, 2016, 08:57:37 am »
Looks like a bug.. I'm writing hdr_dir in the config, that should of course been hdr_sub..  :o
Will fix that soon in a new version.

p.s. If you find other 'wierd' behavior let me know :).

Regards,
PiBa-NL

Is this fixed in the latest devel version?  I see there's an update available.
I don't want to mess with it unless it's fixed as my current setup is "working" at the moment.

Offline PiBa

  • Hero Member
  • *****
  • Posts: 869
  • Karma: +140/-1
  • PiBa-NL(on IRC)
    • View Profile

Offline Trel

  • Sr. Member
  • ****
  • Posts: 368
  • Karma: +11/-1
    • View Profile