Add ACL so alt-svc header is only sent when geo continent not matching server env
This commit is contained in:
parent
5a0b3bfabc
commit
25f702d157
|
@ -26,6 +26,7 @@ services:
|
|||
# These are the hcaptcha and recaptcha test keys, not leaking any dont worry :^)
|
||||
- HAPROXY_MAXCONN=5000
|
||||
- HAPROXY_CACHE_MB=500
|
||||
- HAPROXY_CONTINENT=OC
|
||||
- HCAPTCHA_SITEKEY=20000000-ffff-ffff-ffff-000000000002
|
||||
- HCAPTCHA_SECRET=0x0000000000000000000000000000000000000000
|
||||
#- RECAPTCHA_SECRET=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
|
||||
|
|
|
@ -142,7 +142,10 @@ frontend http-in
|
|||
acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
|
||||
|
||||
# optional alt-svc header (done after cache so not set in cached responses
|
||||
# http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
|
||||
acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"
|
||||
http-response set-header X-Server-CN "${HAPROXY_CONTINENT}"
|
||||
http-response set-header X-User-CN %[var(txn.xcn)]
|
||||
http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)] if !match_server_continent
|
||||
|
||||
# header checks for no caching
|
||||
# acl auth_cookie_set res.hdr(Set-Cookie),lower -m found
|
||||
|
|
|
@ -1,2 +1,3 @@
|
|||
EU h2="eur-hostname.com:443";
|
||||
NA h2="usa-hostname.com:443";
|
||||
OC h2="oce-hostname.com:443";
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
#12345 admin:asdf
|
|
@ -1 +0,0 @@
|
|||
AU admin
|
Loading…
Reference in New Issue