I have issue with my haproxy that running on my Ubuntu 16.04, i want to set static token to both environment on my server.
I am using path_beg and ssl_fc_sni
this is my config
frontend https
bind *:443 ssl crt /etc/ssl/mykey.pem
acl url_staging path_beg /123456
use_backend staging if { ssl_fc_sni staging.com AND url_staging }
acl url_production path_beg /789012
use_backend production if { ssl_fc_sni production.com AND url_production }
default_backend no-match
backend staging
http-request set-path "%[path,regsub(^/123456/,/)]" # to remove the token after authenticated.
server staging 127.0.0.1:4723
backend production
http-request set-path "%[path,regsub(^/789012/,/)]" # to remove the token after authenticated.
server production 127.0.0.1:4723
backend no-match
http-request deny deny_status 403
the problem is, when i try to visit production with staging token, it works and authenticated. production.com/123456 it will work, and vice versa.
acl staging hdr(Host) staging.com && path /123456
I did tried as per above, put both condition in the same ACL with AND expression but it getting worst, it was able to access without token.
What i want is, to authenticate staging with token/path staging which is 123456, and when i visit production must use production token/path. It should refuse when i hit endpoint production with token staging
so it will refuse connection when i try with production.com/123456.
HA-Proxy version 1.8.25-1
Thanks
1 post - 1 participant