3

I am trying to match the value of a header which has a space in it and cannot figure out what regex expressions haproxy likes. The header I'm after looks like this:

X-Request-ID:'Foo: Bar'

I would be OK to match exactly this header or anything that starts with it. However, I do NOT want to match 'Foo: Other'. My attempts so far:

acl badhdr hdr_sub(X-Request-ID) -i Foo: Bar

Matched anything that starts with Foo

acl badhdr hdr_sub(X-Request-ID) -i Foo:\sBar

didn't match 'Foo: Bar' at all...

Help much appreciated

M. Glatki
Yana K.

2 Answers

2

I'm almost inclined to think that the fact that HAProxy accepts this...

acl badhdr hdr_sub(X-Request-ID) -i Foo: Bar

...may be a bug, and " Bar" is being silently discarded. I'd have to research further to be sure, but the correct way to express this would be a space escaped with a backslash...

acl badhdr hdr_sub(X-Request-ID) -i Foo:\ Bar

...or to enclose the expression in quotes...

acl badhdr hdr_sub(X-Request-ID) -i "Foo: Bar"

Note that _sub is not regex -- it's only substring matching. You might want hdr_beg -- beginning substring.

For an anchored regex, including the beginning ' (assuming that's part of the header, as it appears to be from the question; it also needs to be escaped), I believe the expression would be this:

acl badhdr hdr_reg(X-Request-ID) -i ^\'Foo:\ Bar
Michael - sqlbot
1

According to the documentation, hdr_sub accepts substring matches as a parameter.

According to the documentation on HTTP header manipulation (same link), the substring regexes are a bit unconventional:

\t   for a tab
\r   for a carriage return (CR)
\n   for a new line (LF)
\    to mark a space and differentiate it from a delimiter
\#   to mark a sharp and differentiate it from a comment
\\   to use a backslash in a regex
\\\\ to use a backslash in the text (*2 for regex, *2 for haproxy)
\xXX to write the ASCII hex code XX as in the C language

Thus, this should work for you:

acl badhdr hdr_sub(X-Request-ID) -i Foo:\ Bar
M. Glatki
In my case I was matching a URL parameter, trying to catch userid=blahORDER BYblah. The solution turned out to be just acl bot-path url_param -i -m sub ORDER%20BY – blissweb Jan 25 '22 at 06:21
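
An added example, not part of the original answers and not HAProxy's own code: a simplified Python model of how an acl line is split into words and how hdr_sub then matches, assuming (per the ACL syntax in the HAProxy documentation) that each word after the flags is a separate pattern and that any one matching pattern makes the ACL true. The function names and the sample header values are constructed for illustration.

```python
# Simplified model (an assumption, not HAProxy source) of the word splitting
# and multi-pattern matching that decide what an "acl" line actually tests.

def split_words(line):
    """Split on unquoted whitespace; backslash-space is a literal space."""
    words, cur, in_quotes, started = [], [], False, False
    i = 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and i + 1 < len(line) and line[i + 1] in " \\#":
            cur.append(line[i + 1])      # escaped space, backslash or sharp
            started = True
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes    # quotes group words but are not kept
            started = True
        elif ch in " \t" and not in_quotes:
            if started:                  # a delimiter ends the current word
                words.append("".join(cur))
                cur, started = [], False
        else:
            cur.append(ch)
            started = True
        i += 1
    if started:
        words.append("".join(cur))
    return words

def acl_patterns(line):
    """Every word after the -i flag is its own pattern."""
    words = split_words(line)
    return words[words.index("-i") + 1:]

def hdr_sub_matches(line, header_value):
    """hdr_sub -i: true if ANY pattern is a case-insensitive substring."""
    value = header_value.lower()
    return any(p.lower() in value for p in acl_patterns(line))

# The three forms from this page; the header values below are constructed.
UNESCAPED = "acl badhdr hdr_sub(X-Request-ID) -i Foo: Bar"
ESCAPED = r"acl badhdr hdr_sub(X-Request-ID) -i Foo:\ Bar"
QUOTED = 'acl badhdr hdr_sub(X-Request-ID) -i "Foo: Bar"'

if __name__ == "__main__":
    for line in (UNESCAPED, ESCAPED, QUOTED):
        hits = [v for v in ("'Foo: Bar'", "'Foo: Other'") if hdr_sub_matches(line, v)]
        print(acl_patterns(line), "matches", hits)
```

In this model the unescaped form yields two patterns, Foo: and Bar, so it also matches 'Foo: Other'; the escaped and quoted forms yield the single pattern "Foo: Bar" and do not.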