Using an application rule - is it possible to only permit traffic to say www.acme.com/foo.html but deny all other
http requests to the Virtual Server? What would that rule look like? Thank you.
From some examples I can see that url_beg normally for something like http:// or something in the beginning
Perhaps path_dir or path_end more suitable for your case
Something like below
using path_end
acl is_foo path_end -i /foo.html
block if!is_foo
or
acl is_foo path_end -i /foo.html
tcp-request connection reject if!is_foo
using path_dir
acl is_foo path_dir -i foo.html
block if!is_foo
or
acl is_acme path_dir -i foo.html
tcp-request connection reject if!is_foo
You can try something like below
acl is_acme hdr(Host) -i www.acme.com
tcp-request connection reject if!is_acme
or
acl is_acme hdr(Host) -i www.acme.com
block if!is_acme
More about HAProxy ACL here: ACLs: Access Control Lists — HAProxy Technologies documentation
So in my example it looks like I could use HTTP_URL_SLASH e.g.
acl is_foo url_beg /foo.html
tcp-request connection reject if!is_foo
Does that look right?
From some examples I can see that url_beg normally for something like http:// or something in the beginning
Perhaps path_dir or path_end more suitable for your case
Something like below
using path_end
acl is_foo path_end -i /foo.html
block if!is_foo
or
acl is_foo path_end -i /foo.html
tcp-request connection reject if!is_foo
using path_dir
acl is_foo path_dir -i foo.html
block if!is_foo
or
acl is_acme path_dir -i foo.html
tcp-request connection reject if!is_foo
This is very helpful. Thanks!