Skip to content

Instantly share code, notes, and snippets.

@guycalledseven
Last active March 1, 2024 17:13
Show Gist options
  • Star 18 You must be signed in to star a gist
  • Fork 6 You must be signed in to fork a gist
  • Save guycalledseven/d8b2d3d2c9ee725c2dff0b79ce81b370 to your computer and use it in GitHub Desktop.
Save guycalledseven/d8b2d3d2c9ee725c2dff0b79ce81b370 to your computer and use it in GitHub Desktop.
haproxy conditions

Haproxy conditions

Since I keep forgetting them I've put them here.

To form a condition, you can use the following syntax after the rule that it applies to:

<HAProxy action statement> if|unless [!]acl1 <AND|OR|or|'||'> [!]acl2 ...

  • if - the condition is TRUE if the result of the ACLs is TRUE.

  • unless - the condition is TRUE if the result of the ACLs is FALSE

  • [!] (optional) - to negate the result of an ACL

  • <acl1>, <acl2> - the name of the ACLs. (More information on ACLs)

  • AND, OR, or, || - logical operators to apply between ACLs in order to form conditions:

if no operator is provided between two ACLs, then a logical AND is applied

  • AND - logical AND

  • OR, or, || - logical OR

NOTE: The AND operator has precedence over the OR operators.

Examples

acl url_static  path_beg         /static /images /img /css
acl url_static  path_end         .gif .png .jpg .css .js
acl host_www    hdr_beg(host) -i www
acl host_static hdr_beg(host) -i img. video. download. ftp.
# now use backend "static" for all static-only hosts, and for static urls
# of host "www". Use backend "www" for the rest.
use_backend static if host_static or host_www url_static
use_backend www    if host_www
use backend back1 if route1 route2

use backend back1 if route1 route2 || route1 route3

use backend back1 if route1 route2
use backend back1 if route1 route3
acl valid_domains hdr(host) -m reg -i ^[^\.]+\.example\.org$
http-request reject if { src -f "${ABUSERS}" }
use_backend cache if { path_end .jpg .css .ico }

Redirect all HTTP traffic to HTTPS when SSL is handled by haproxy.

redirect scheme https if !{ ssl_fc }

Append 'www.' prefix in front of all hosts not having it

http-request redirect code 301 location      \
  http://www.%[hdr(host)]%[capture.req.uri]  \
  unless { hdr_beg(host) -i www }

Send redirects for request for articles without a '/'.

acl missing_slash path_reg ^/article/[^/]*$
redirect code 301 prefix / drop-query append-slash if missing_slash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment