How to Set a Dynamic Variable in Haproxy

Haproxy conditional based on a dynamic variable

I discovered a way to solve this. There are conditionals for ACLs called 'always_true' and 'always_false' which as their name suggests will cause the ACL they are used in to always return true or respectively false. So I set that in my config like so:

acl do_redir always_true

then I construct a redirect stmt using this ACL later on in my config:

redirect code 307 prefix http://someurl if do_redir

The ACL do_redir then is my mechanism for toggling the redirect behavior of haproxy. I'm changing this in the haproxy config and restarting the process using chef so it all happens pretty quick.

An alternative method for modifiyng this ACL which I haven't gotten to work yet is to use the haproxy socket. This appears to have an advantage over my current method in that it doesn't require a restart and potentially lost connections, or the complexity and added risk of modifying the haproxy config file.

Dynamic server name and header in HAProxy

About Header manipulation

As the ALERT message say you can't use request header in the response. You should replace the following line.

Wrong line

http-response set-header X-Target  %[req.hdr(Host)]

Right Line

http-request set-header X-Target  %[req.hdr(Host)]

The Backend-Server should not remove this header. If you not want to send the Backend-Server the 'X-Target' host header then can you use a session variable to save the host header from the request to the response phase.

http-request set-var(txn.my_host) req.hdr(host),lower
http-response set-header X-Target %[var(txn.my_host)]

In the documentation are the set-var and set-header directive quite good explained.

http://cbonte.github.io/haproxy-dconv/1.8/configuration.html#4-http-request

About the server manipulation

This line could not work because haproxy tries to resolve the target server at start time.

server web-servers site.%[req.hdr(Host),regsub(^www.,,)]:80 check

In newer version of haproxy. like 2.1, can you dynamically resolve and set the destination hosts.

http://cbonte.github.io/haproxy-dconv/2.1/configuration.html#4.2-http-request%20do-resolve

I assume you want to change the host header for the target server that the right virtual server is used.

My suggestion to solve your issue is to change the host header and set the server name to a resolvable address.

backend backend-default
  option forwardfor

  http-response set-header X-Publishing-system website

  http-request set-header X-Target %[req.hdr(Host)]

  http-request replace-header Host ^www(.*) site.\1
  http-request set-header X-NewTarget %[req.hdr(Host),regsub(^www.,,)]

  server web-servers  site.example.com:80 check

This backend config is only syntax checked.

About dynamic backend server

The server should be resolved dynamically.
For that solution is at least HAProxy 2.0 necessary.

I copy here some parts of the doc http-request do-resolve for this answer.

You will need to add a section resolvers to your config

resolvers mydns
  # use here your prefered DNS Servers
  nameserver local 127.0.0.53:53
  nameserver google 8.8.8.8:53
  timeout retry   1s
  hold valid 10s
  hold nx 3s
  hold other 3s
  hold obsolete 0s
  accepted_payload_size 8192

frontend frontend-http

  bind *:80
  bind *:443

  # define capture buffer for backend
  declare capture request len 60

  acl redirect path_beg -i /rd
  use_backend backend-tracking if redirect

  default_backend backend-default

# ... some more backends

backend backend-default
  option forwardfor

  http-response set-header X-Publishing-system website

  http-request set-header X-Target %[req.hdr(Host)]

  # replace www with site in host header
  http-request replace-header Host ^www(.*) site.\1

  # if necessary set X-NewTarget header
  http-request set-header X-NewTarget %[req.hdr(Host),regsub(^www.,,)]

  # do dynamic host resolving for dynamic 
  # server destination for 
  # the replaced Host Header above 
  http-request do-resolve(txn.myip,mydns,ipv4) hdr(Host),lower

  # print the resolved IP in the log
  http-request capture var(txn.myip) id 0

  # rule to prevent HAProxy from reconnecting to services
  # on the local network (forged DNS name used to scan the network)
  # add the IP Range for the destination host here
  http-request deny if { var(txn.myip) -m ip 127.0.0.0/8 10.0.0.0/8 }
  http-request set-dst var(txn.myip)

  server clear 0.0.0.0:0

Please take care about the note in the documentation

NOTE: Don't forget to set the "protection" rules to ensure HAProxy won't be used to scan the network or worst won't loop over itself...

Haproxy dynamic backend matching request header

You can use the variable in the use backend directive.

Here is a snippet the full answer is here.
https://stackoverflow.com/a/61931107/6778826

frontend fe1
  ...
  use_backend %[req.hdr(key),lower]

backend value
  server something.value.com

Related Topics

Identifying the Preferred Ipv6 Source Address for an Adapter

Automake Subdir-Objects Is Disabled

The New Line Characted in the String Constant Isn't Being Recognized by Nasm

How to Get Environment Variables of Remote Host

Unterminated Address Regex While Using Sed

G++ Conio.H: No Such File or Directory

Making 'Long' 4 Bytes in Gcc on a 64-Bit Linux MAChine

Installing Octave Package in Ubuntu

How to Measure the Stack Size of a Process

Error: Rpc Failed; Curl 56 Openssl Ssl_Read: Error:140943Fc:Ssl Routines:Ssl3_Read_Bytes:Sslv3 Alert Bad Record MAC, Errno 0

Npm Install Causes Errors Like Npm Err! Tar.Unpack Untar Error on Debian

Create Position Independent Object File from Llvm Bit Code

Explanation of Memcpy Memmove Glibc_2.14/2.2.5

Dbus_Bus_Request_Name (): Connections Are Not Allowed to Own the Service

What's the Difference Between 'Push' and 'Pushq' in At&T Assembly

How to Add Boost Library to Code::Blocks in Linux

How to Capitalize First Letter of Each Line in Bash

How Does One Determine the Page Frame Number for Device Memory


Leave a reply



Submit