Why doesn't this HAProxy ACL match the HTTP method from returned from a map?

us flag

I'm trying to configure HAProxy to allow a specific set of HTTP methods to a specific set of paths, stored in a map.

For example, I have a haproxy map file which contains the following:

/api/read_method GET
/api/write_method POST

Given the above map, I would like to allow GET requests starting with /api/read_method (but no other methods), and POST requests to paths starting /api/write_method (but no GETs).

Based on the documentation, I have arrived at the following haproxy configuration:

listen main
    # bind, doesn't really matter
    bind *:443 ssl crt server.pem
    # use path_beg to find the map entry starting with the path
    # compare the request method with the returned map entry, case insensitively as astring
    acl map_method method -i -m str %[path,map_beg(]
    http-request deny unless map_method
    server app backend:80

This ACL never seems to match, the request is always denied, even when I test as follows:

curl -v https://localhost/api/read_method # do a GET to the path in the map

I have attempted to debug this using the following line, as a modification to the http-request deny statement:

http-request return status 401 content-type text/plain lf-string "Denied, allowed method for %[path] is >(%[path,map_beg(])< but method was >(%[method])<" unless url_method

This denies the request with a log-format message, which returns as follows:

Denied, allowed method for /api/read_method is >(GET)< but request method is >(GET)<

I don't understand why this condition isn't satisfying the ACL, the strings are identical and the comparison is done as a string (-m str). The map is definitely returning the appropriate method (shown in the debug string), and if I swap the map lookup for a literal "GET", the ACL passes correctly (but not when the same string is returned from the lookup).

I sit in a Tesla and translated this thread with Ai:


Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.