Host matching ACLs missing <host>:<port> form

[bedis]

Hi,

I think the ACLs matching Host headers for routing are inaccurate:
use_backend service1 if { req.hdr(host) -i foo.bar.com } { path_beg /foo }

Host header could have the following forms:

• foo.bar.com
• foo.bar.com:

The acl above will not match the second form.
So it would be good to append to this acl, a new host header to which we append the port configured on the frontend

[ejez]

Could be solved by using hdr_reg instead of hdr:

req.hdr_reg(host) -i ^foo\.bar\.com(:[0-9]+)?$

in file: kubernetes-ingress/controller-backend-switching.go :

import (
...
	"regexp"
...
)
...
				condTest = fmt.Sprintf("{ req.hdr_reg(host) -i %s } ", "^" + regexp.QuoteMeta(rule.Host) + "(:[0-9]+)?$")
...

However use of regex could slow down evaluating ACLs

[oktalz]

Hi,
yes regex option is not the best option here.

i need to check it but maybe something like this would work

  acl acl_1 hdr_beg(host) -i foo.bar
  use_backend default-web-8181 if acl_1 { path_beg /web }

[bedis]

HAProxy proposes a few options:

• use regexes, but as you explained it's counter productive from a performance point of view and at scale
• use the hdr_dom comparison method which matches strings between '.' and ':'. But in such case, this would be equivalent to match *.foo.bar[:port]
• list all possible values in the current ACL: foo.bar foo.bar:80 or foo.bar:443 where it's relevant

The most accurate one is the latest one

[mikecurrancs]

Have ACLs been implemented in the build yet? I have an application to host, that appends :port to the host header, thereby not matching

• use_backend service1 if { req.hdr(host) -i foo.bar.com } { path_beg /foo }

I do not see any documentation, but I do see code in controller-acls.go for ACL methods.

[Mo3m3n]

Hi
This was fixed from v1.4.3 in the commit aac95d5
Fell free to reopen this issue if this does not answer your requirement.