From 4d4de0102b2d91c81922bc9f5b44db2dbe807418 Mon Sep 17 00:00:00 2001
From: jurgenhaas <juergen@paragon-es.de>
Date: Wed, 13 Jan 2021 10:03:05 +0100
Subject: [PATCH] ansible-inventories/gentner#2364 Capture user agent for
logging
---
templates/haproxy_cfg.jinja2 | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/templates/haproxy_cfg.jinja2 b/templates/haproxy_cfg.jinja2
index 0e8b955..227500c 100644
--- a/templates/haproxy_cfg.jinja2
+++ b/templates/haproxy_cfg.jinja2
@@ -13,7 +13,7 @@ global
defaults
log global
- log-format %ci:%cp\ [%T]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %[ssl_fc_sni]\ %hr\ %hs\ %{+Q}r
+ log-format %ci:%cp\ [%T]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %[ssl_fc_sni]\ %hr\ %{+Q}r
mode http
option dontlognull
timeout connect {{ proxy_timeout_connect }}
@@ -52,6 +52,8 @@ userlist notprivate
frontend http_in
bind *:80
+ http-request capture req.hdr(User-Agent) len 100
+ log-format %ci:%cp\ [%T]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %[ssl_fc_sni]\ %hr\ %{+Q}r
http-request del-header Proxy
acl blockedip src -f /etc/haproxy/blacklist.ip
http-request deny if blockedip
@@ -198,6 +200,8 @@ frontend http_in
frontend https_in_{{ cert.ip }}
bind {{ cert.ip }}:443 ssl crt /etc/haproxy/certs/{{ cert.file }} no-sslv3
+ http-request capture req.hdr(User-Agent) len 100
+ log-format %ci:%cp\ [%T]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %[ssl_fc_sni]\ %hr\ %{+Q}r
http-request del-header Proxy
http-request redirect code 301 location %[base,lower,map(/etc/haproxy/redirect.domain-and-path.map)] if { base,lower,map(/etc/haproxy/redirect.domain-and-path.map) -m found }
http-request redirect code 301 location %[capture.req.uri,lower,map(/etc/haproxy/redirect.path.map)] if { capture.req.uri,lower,map(/etc/haproxy/redirect.path.map) -m found }
--
GitLab