HA Proxy: Omit basic auth for specific URIs

Question

Given a userlist such...

userlist UsersAuth
  group admin users foo
  user foo insecure-password bar

And a backend containing this...

acl AuthOkay_Web http_auth(UsersAuth)
  http-request auth realm AuthYourself if !isOptions !AuthOkay_Web

How can I specify one or more URIs that DO NOT require basic auth?

So, given...

https://example.com/a
https://example.com/baz
https://example.com/c
https://example.com/d

Let's assume that I want /baz to get a free pass.

Is this doable?

Answer 1

Using the ACL documentation at https://cbonte.github.io/haproxy-dconv/1.8/configuration.html#7.1.3, I came up with this...

  acl url_static path_beg /baz
  acl AuthOkay_Web http_auth(UsersAuth)
  http-request auth realm AuthYourself if !isOptions !url_static !AuthOkay_Web