Last active
March 29, 2021 13:41
-
-
Save haproxytechblog/2d1d99f823fe6e5ec2edc0f9e6cbf631 to your computer and use it in GitHub Desktop.
HAProxy Enterprise 2.3 and HAProxy 2.4 Support the Financial Information eXchange Protocol (FIX)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
mode tcp | |
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2 | |
default_backend fix_servers |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
backend fix_servers | |
mode tcp | |
server server1 10.0.0.1:443 check ssl | |
server server2 10.0.0.2:443 check ssl | |
server server3 10.0.0.3:443 check ssl |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
mode tcp | |
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2 | |
tcp-request inspect-delay 1s | |
tcp-request content reject unless { req.len gt 0 } { req.payload(0,0),fix_is_valid } | |
default_backend fix_servers |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
# ...other listener settings... | |
tcp-request content set-var(txn.sendercompid) req.payload(0,0),fix_tag_value(SenderCompID) | |
use_backend fix_servers_a if { var(txn.sendercompid) -m str firmA } | |
default_backend fix_servers_b |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
mode tcp | |
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2 verify required ca-file /etc/haproxy/certs/ca.crt | |
# ...other listener settings... |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
172.16.0.2 ACMEFirm | |
172.17.1.5 AnotherFirm | |
172.17.2.0/24 YetAnotherFirm |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
mode tcp | |
bind :443 ssl crt /etc/haproxy/certs/cert.pem ssl-min-ver TLSv1.2 | |
tcp-request inspect-delay 1s | |
tcp-request content reject unless { req.len gt 0 } { req.payload(0,0),fix_is_valid } | |
tcp-request content set-var(txn.sendercompid) req.payload(0,0),fix_tag_value(SenderCompID) | |
tcp-request content set-var(txn.mapped_sendercompid) src,map_str(/etc/haproxy/maps/sender_ips.map) | |
# Reject connection if the IP was | |
# not found in the map file | |
tcp-request content reject unless { var(txn.mapped_sendercompid) -m found } | |
# Reject connection if the IP didn't | |
# match the one associated with the | |
# SenderCompID in the map file | |
tcp-request content reject unless { var(txn.sendercompid),strcmp(txn.mapped_sendercompid) eq 0 } |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
global | |
setenv TCP_LOG "%ci:%cp [%t] %ft %b/%s %Tw/%Tc/%Tt %B %ts %ac/%fc/%bc/%sc/%rc %sq/%bq" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
# ...other listener settings... | |
tcp-request content set-var(txn.sendercompid) req.payload(0,0),fix_tag_value(SenderCompID) | |
tcp-request content set-var(txn.targetcompid) req.payload(0,0),fix_tag_value(TargetCompID) | |
# Define a new log format | |
log-format "${TCP_LOG} %[var(txn.sendercompid)] %[var(txn.targetcompid)]" |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
frontend fix_listener | |
# ...other listener settings... | |
tcp-request content set-var(txn.errormessage) str("SenderCompID not found in map file") unless { var(txn.mapped_sendercompid) -m found } | |
tcp-request content set-var(txn.errormessage) str("SenderCompID not from expected IP") unless var(txn.sendercompid),strcmp(txn.mapped_sendercompid) eq 0 } | |
# Define a new log format | |
log-format "${TCP_LOG} %[var(txn.sendercompid)] %[var(txn.targetcompid)] %[var(txn.errormessage)]" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment