- http://www.haproxy.org/
- Tested version - 1.8.14-52e4d43
- https://github.com/jiangwenyuan/nuster
- case-insensitive for verb
- allows any path/query values (except 0x00-0x20, >0x80):
GET !i?lala=#anything HTTP/1.1
- doesn't url-decode and normalize the path before applying rules
- support converters:
- url_dec - url decodes (but sends undecoded to origin server), but spoils path_begin
- path_* extracts the path, which starts at the first slash and ends before the first question mark
- allows >1
Host:- forwards all of them
- doesn't forward
AnyHeader :- 400 error - support line folding for headers (
Header:zzz-> concatenate with previous header) - no additional headers to backend
- no special headers
- 400 error:
<html><body><h1>400 Bad request</h1>
Your browser sent an invalid request.
</body></html>
- 403 error:
<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>
- doesn't support (parse) Absolute-URI
- forwards it as is
GET http://backend.com/q?name=X&type=Y HTTP/1.1->GET http://backend.com/q?name=X&type=Y HTTP/1.1
Cache's been partly implemented in this version of HAproxy. It was not tested. Nuster was tested instead
- default key of CACHE: method.scheme.host.uri
- default key of NoSQL: GET.scheme.host.uri
http://www.example.com/q?name=X&type=Y -> GET.http.www.example.com./q?name=X&type=Y
- only 200 response is cached
- doesn't respect Cache-Control, Expire headers from the origin
- Does not honor the Pragma and the client's Cache-Control
- Bypass
//admin//Admin//%61dmin/
acl restricted_page path_beg /admin
- Bypass
/log/- any trailing symbol (e.g. /)
acl restricted_page path_beg,url_dec /log