Add ACL so alt-svc header is only sent when geo continent not matching server env

docker-compose.yml

@@ -26,6 +26,7 @@ services:
       # These are the hcaptcha and recaptcha test keys, not leaking any dont worry :^)
       - HAPROXY_MAXCONN=5000
       - HAPROXY_CACHE_MB=500
+      - HAPROXY_CONTINENT=OC
       - HCAPTCHA_SITEKEY=20000000-ffff-ffff-ffff-000000000002
       - HCAPTCHA_SECRET=0x0000000000000000000000000000000000000000
       #- RECAPTCHA_SECRET=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe

haproxy/haproxy.cfg

@@ -142,7 +142,10 @@ frontend http-in
 	acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
 
 	# optional alt-svc header (done after cache so not set in cached responses
-	# http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
+	acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"
+	http-response set-header X-Server-CN "${HAPROXY_CONTINENT}"
+	http-response set-header X-User-CN %[var(txn.xcn)]
+	http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)] if !match_server_continent
 
 	# header checks for no caching
 	# acl auth_cookie_set res.hdr(Set-Cookie),lower -m found

haproxy/map/alt-svc.map

@@ -1,2 +1,3 @@
 EU h2="eur-hostname.com:443";
 NA h2="usa-hostname.com:443";
+OC h2="oce-hostname.com:443";

haproxy/map/blockedasn.map

@@ -1 +0,0 @@
-#12345 admin:asdf

haproxy/map/blockedcc.map

@@ -1 +0,0 @@
-AU admin