Ignore port numbers in haproxy host header matches

Question

Using haproxy-1.5, I have the following partial config:

    acl is_api hdr(host) -i api.example.com
    acl is_app hdr(host) -i app.example.com

Unfortunately, the above doesn't match a request that looks like:

GET / HTTP/1.1
Host: api.example.com:80

Far as I can tell, I need to do:

    acl is_api hdr(host) -i api.example.com
    acl is_api hdr(host) -i api.example.com:80
    acl is_app hdr(host) -i app.example.com
    acl is_app hdr(host) -i app.example.com:80

UGH. NO! HATE!

Is there a nicer way of doing this? Can I just tell haproxy to ignore the port in the host header?

score 8 · Answer 1 · answered Apr 25 '13 at 17:31

8

You might be able to get this to work by checking hdr_dom (https://code.google.com/p/haproxy-docs/wiki/MatchingLayer7) instead of hdr:

acl is_api hdr_dom(host) -i api.example.com
acl is_app hdr_dom(host) -i app.example.com

Just be careful because I believe this would also match things like "otherstuff.api.example.com".

answered Apr 25 '13 at 17:31

Paul Kroon

2,250
1
16
20

1

Depending on the use case `hdr_beg` may be more appropriate, it wont match on `otherstuff.api.example.com`. It will however match on the far less likely `api.example.com.otherstuff` (that `hdr_dom` also matches). – Smithamax Oct 25 '17 at 01:35

score 0 · Answer 2 · answered Jun 30 '21 at 16:42

To solve this problem, I've used this on the frontend:

http-request set-header host %[hdr(host),field(1,:)]

This won't match extraneous URLs and doesn't rely on a regular expression.

From https://discourse.haproxy.org/t/strip-port-in-host-header/4414/10

Ignore port numbers in haproxy host header matches

2 Answers2