L7 Rules
The rule type can be applied at different moments during request processing. Hence, some rules are available in service only, others in the farm only, and some in both of them.
Rules available once incoming the connection has been accepted:
tcpreqconn (service only)
Rules available once the data has arrived on a client connection:
tcpreqcont , available in both service and farm
httpreq , available in both service and farm
redirect , available in both service and farm
Rules available in service only to choose an alternative farm:
usefarm
Rules available in farm only to choose to force traffic to a server:
useserver
tcprspcont
Other rule types are available to perform third party actions in HAProxy:
Health checking: tcpcheck
Stickiness: stickreq, stickrsp
tcpreqconn
Definition: Perform an action on an incoming connection:
type
Definition: action to perform
Type: enum
Default value: none
Value | Description |
---|---|
accept | Accept an incoming connection |
reject | Reject an incoming connection |
cond
Definition: Condition to apply the rule
Type: enum
Default value: Positive match
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
httpreq
Definition: Perform an action on an incoming HTTP request.
To create an L7 rule for
httpreq
, you must use the URL/api/2/*/*/l7/<objecttype>/<objectname>/rule/<ruletype>/<number>
.-
The rule
<number>
can have any of the following values:Value
Description
Tail
Get the first rule of the list
Head
Get the last rule of the list
A positive integer
Get the rule pointed by the integer
type
Definition: action to perform
Type: enum
Default value: none
Value | Description |
---|---|
allow | Accept incoming request; stop evaluation of next rules |
deny | Reject incoming request; stop evaluation of next rules |
auth | Stop the evaluation of the rules; answer with a 401 or 407 to invite the client to authenticate itself |
redirect | Perform an HTTP redirection rule |
tarpit | Block the request during timeout tarpit period of time; stop evaluation of next rules |
add-header | Append an HTTP header field in the request |
set-header | Append an HTTP header field in the request; but delete first any field with the same name |
set-log-level | Change the log level for the current HTTP (req+resp) session |
auth-realm
Definition: Authentication realm string
Type: string
Default value: none
log-level
Definition: Log level to use
Type: enum
Default value: none
Values: Standard syslog levels: debug, info, notice, warning, err, crit, alert, emerg or their integer equivalent, respectively 0, 1, 2, 3, 4, 5, 6, 7* A specific keyword silent to prevent generating the log line, or integer 8.
redir-type
Definition: Type of HTTP redirection to perform
Type: enum
Default value: none
Value | Description |
---|---|
location | Exact redir-to value is placed in the Location header field |
prefix | Use redir-to concatened to current URI path (including query string) to create the Location header |
scheme | Use to change the URL scheme: redir-to is concatenated to the first occurrence of the Host header and the URI path, including the query string |
redir-to
Definition: A string to use when building the Location header
Type: string
Default value: none
redir-code
Definition: HTTP Status code used to perform the redirection (usually, 301 or 302)
Type: integer
Default value: none
hdr-name
Definition: Name of the HTTP header field
Type: string
Default value: none
cond
Definition: Condition to apply the rule
Type: enum
Default value: Positive match
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
redirect
We highly recommend using thehttpreq redirect rule rather than the redirect rule. It is easier to understand a configuration that uses only http-request rules instead of a mix of different types of directives.
type
Definition: Type of HTTP redirection to perform
Type: enum
Default value: none
Value | Description |
---|---|
location | Exact to value is placed in the Location header field |
prefix | Use to concatened to current URI path (including query string) to create the Location header |
scheme | Use to change the URL scheme: redir-to is concatenated to the first occurrence of the Host header and the URI path, including the query string |
to
Definition: String to use when building the Location header
Type: string
Default value: none
code
Definition: HTTP Status code used to perform the redirection (usually 301 or 302)
Type: enum
Default value:
cond
Definition: condition to apply the rule
Type: Positive match
Default value:
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
usefarm
Definition: Content switching rule to route traffic to a farm.
target-farm
Definition: Name of the farm to route the traffic to
Type: string
Default value: none
cond
Definition: condition to apply the rule
Type: Positive match
Default value:
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
tcprspcont
Definition: Pperform an action on a session response.
type
Definition: Action to perform
Type: enum
Default value: none
Value | Description |
---|---|
accept | Accept an incoming connection |
reject | Reject an incoming connection |
cond
Definition: condition to apply the rule
Type: Positive match
Default value:
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
useserver
Definition: content switching rule to route traffic to a server.
target-server
Definition: Name of the server to route the traffic to
Type: string
Default value: none
cond
Definition: condition to apply the rule
Type: Positive match
Default value:
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
stickreq
Definition: Match and/or set stickiness during the request.
type
Definition: Action to perform
Type: enum
Default value: none
Value | Description |
---|---|
matchandstore | Match the pattern in the tableand stores it if not found |
matchonly | Match the pattern in the table |
storeonly | Store the pattern in the table |
pattern
Definition: Fetch expression to the retrieve key used to perform stickiness
Type: string
Default value: none
table
Definition: Stick table name
Type: string
Default value: none; if not set, use the stick table from the local farm
cond
Definition: condition to apply the rule
Type: Positive match
Default value:
Values:
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
stickrsp
Definition: Match and/or set stickiness during the request.
type
Definition: Action to perform
Type: enum
Default value: none
Value | Description |
---|---|
storeonly | Store the pattern in the table |
pattern
Definition: Fetch expression to the retrieve key used to perform stickiness
Type: string
Default value: none
table
Definition: Stick table name
Type: string
Default value: none; if not set, use the stick table from the local farm
cond
Definition: condition to apply the rule
Type: Positive match
Default value:
Value | Description |
---|---|
if | Positive match: apply the rule if cond_test matches |
unless | Negative match: apply the rule if cond_test does not match |
cond-test
Definition: HAProxy ACL(s) to perform conditions
Type: string
Default value: none
tcpcheck
- Definition: Send or expect a sequence to perform a server health
-
check.
type
Definition: Action to perform
Type: enum
Default value: none
Value | Description |
---|---|
connect | Establish a TCP connection to the server |
send | Send raw data to the server |
expect | Match content in data returned by the server |
connect-port
Definition: TCP to connect to
Type: integer
Default value: Server's port
connect-ssl
Definition: Establish a TLS connection
Type: enum; value accepted: enabled
Default value: disabled
expect-failonmatch
Definition: Pattern (string or hexadecimal representation) to match against server response
Type: string
Default value: none
expect-match
Definition: type of matching to perform
Type: enum
Default value: string
Value | Description |
---|---|
binary | Binary (hexadecimal) matching |
rstring | Regular expression |
string | Regular string comparison |
expect-pattern
Definition: Pattern (string or hexadecimal representation) to match against server response.
Type: string
Default value: none
send-data
Definition: Data to send to the server
Type: enum
Default value: string
send-format
Definition: Format of the data to send to the server
Type: enum
Default value: string
Value | Description |
---|---|
binary | Binary (hexadecimal) matching |
string | Regular string comparison |
Next up
L7 Server