Haproxy配置X-Forwarded-For
安装Httpd服务: [root@linux-01 ~]# yum install httpd Loaded plugins: fastestmirror, security Loading mirror speeds from cached hostfile * base: mirrors.nwsuaf.edu.cn * extras: mirror.bit.edu.cn * updates: mirror.bit.edu.cn base | 3.7 kB 00:0 extras | 3.4 kB 00:0 updates | 3.4 kB 00:0 updates/primary_db | 2.6 MB 00:0 Setting up Install Process Resolving Dependencies --> Running transaction check ---> Package httpd.x86_64 0:2.2.15-54.el6.centos will be installed --> Processing Dependency: httpd-tools = 2.2.15-54.el6.centos for package: httpd-2.2.15-54.el6.centos.x86_64 --> Processing Dependency: apr-util-ldap for package: httpd-2.2.15-54.el6.centos.x86_64 --> Processing Dependency: libaprutil-1.so.0()(64bit) for package: httpd-2.2.15-54.el6.centos.x86_64 --> Processing Dependency: libapr-1.so.0()(64bit) for package: httpd-2.2.15-54.el6.centos.x86_64 --> Running transaction check ---> Package apr.x86_64 0:1.3.9-5.el6_2 will be installed ---> Package apr-util.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 will be installed ---> Package httpd-tools.x86_64 0:2.2.15-54.el6.centos will be installed --> Finished Dependency Resolution Dependencies Resolved =============================================================================================================================== Package Arch Version Repository =============================================================================================================================== Installing: httpd x86_64 2.2.15-54.el6.centos updates Installing for dependencies: apr x86_64 1.3.9-5.el6_2 base apr-util x86_64 1.3.9-3.el6_0.1 base apr-util-ldap x86_64 1.3.9-3.el6_0.1 base httpd-tools x86_64 2.2.15-54.el6.centos updates Transaction Summary =============================================================================================================================== Install 5 Package(s) Total download size: 1.1 M Installed size: 3.6 M Is this ok [y/N]: y Downloading Packages: (1/5): apr-1.3.9-5.el6_2.x86_64.rpm | 123 kB 00:0 (2/5): apr-util-1.3.9-3.el6_0.1.x86_64.rpm | 87 kB 00:0 (3/5): apr-util-ldap-1.3.9-3.el6_0.1.x86_64.rpm | 15 kB 00:0 (4/5): httpd-2.2.15-54.el6.centos.x86_64.rpm | 833 kB 00:0 (5/5): httpd-tools-2.2.15-54.el6.centos.x86_64.rpm | 79 kB 00:0 ------------------------------------------------------------------------------------------------------------------------------- Total 657 kB/s | 1.1 MB 00:0 Running rpm_check_debug Running Transaction Test Transaction Test Succeeded Running Transaction Installing : apr-1.3.9-5.el6_2.x86_64 Installing : apr-util-1.3.9-3.el6_0.1.x86_64 Installing : httpd-tools-2.2.15-54.el6.centos.x86_64 Installing : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 Installing : httpd-2.2.15-54.el6.centos.x86_64 Verifying : httpd-tools-2.2.15-54.el6.centos.x86_64 Verifying : apr-1.3.9-5.el6_2.x86_64 Verifying : httpd-2.2.15-54.el6.centos.x86_64 Verifying : apr-util-1.3.9-3.el6_0.1.x86_64 Verifying : apr-util-ldap-1.3.9-3.el6_0.1.x86_64 Installed: httpd.x86_64 0:2.2.15-54.el6.centos Dependency Installed: apr.x86_64 0:1.3.9-5.el6_2 apr-util.x86_64 0:1.3.9-3.el6_0.1 apr-util-ldap.x86_64 0:1.3.9-3.el6_0.1 httpd-tools.x86_64 0:2.2.15-54.el6.centos Complete!配置Httpd,X-Forwarded-For
[root@linux-01 ~]# vim /etc/httpd/conf/httpd.conf
httpd:
//497: LogFormat "{X-Forwarded-For} %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
Acl应用配置案例
Redirect Example:
acl clear dst_port 80
acl secure dst_port 8080
acl login_page url_beg /login
acl logout url_beg /logout
acl uid_given url_reg /login?userid=[^&]+
acl cookie_set hdr_sub(cookie) SEEN=1
redirect prefix https://mysite.com set-cookie SEEN=1 if !cookie_set
redirect prefix https://mysite.com if login_page !secure
redirect prefix http://mysite.com drop-query if login_page !uid_given
redirect location http://mysite.com/ if !login_page secure
redirect location / clear-cookie USERID= if logout
当用户通过80端口访问/haproxy?stats重定向8009端口上服务来提供此功能
reqadd <string> [{if | unless} <cond>]
<string> is the complete line to be added. Any space or known delimiter
must be escaped using a backslash (''). Please refer to section
6 about HTTP header manipulation for more information.
<cond> is an optional matching condition built from ACLs. It makes it
possible to ignore this rule when other conditions are not met.
acl is-ssl dst_port 81
reqadd X-Proto: SSL if is-ssl
超时时长:timeout http-request
timeout http-request <timeout>
Set the maximum allowed time to wait for a complete HTTP request
实现访问控制:
http-request :7层
tcp-request :4层过滤
//scheme://user:password@host:port/path;params?query#fragment
An Example
acl url_static path_beg /static /images /img /css
acl Url_static path_end .gif .png .jpg .css .js
acl host_www hdr_beg(host) -i www
acl host_static hdr_beg(host) -i img. viedo. download. ftp.
use_backend static if host_static of url_static
url_backend www if host_www