Add ACL so alt-svc header is only sent when geo continent not matching server env

2025-05-09 02:05:37 +00:00 · 2024-01-28 17:43:56 +11:00
parent 5a0b3bfabc
commit 25f702d157
5 changed files with 6 additions and 3 deletions
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -26,6 +26,7 @@ services:
      # These are the hcaptcha and recaptcha test keys, not leaking any dont worry :^)
      - HAPROXY_MAXCONN=5000
      - HAPROXY_CACHE_MB=500
      - HAPROXY_CONTINENT=OC
      - HCAPTCHA_SITEKEY=20000000-ffff-ffff-ffff-000000000002
      - HCAPTCHA_SECRET=0x0000000000000000000000000000000000000000
      #- RECAPTCHA_SECRET=6LeIxAcTAAAAAGG-vFI1TnRWxMZNFuojJ4WifJWe
--- a/haproxy/haproxy.cfg
+++ b/haproxy/haproxy.cfg
@ -142,7 +142,10 @@ frontend http-in
 	acl can_cache var(txn.path) -i -m end .png .jpg .jpeg .jpe .ico .webmanifest .xml .apng .bmp .webp .pjpeg .jfif .gif .mp4 .webm .mov .mkv .svg .m4a .aac .flac .mp3 .ogg .wav .opus .txt .pdf .sid
 	# optional alt-svc header (done after cache so not set in cached responses
-	# http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)]
+	acl match_server_continent var(txn.xcn) -m str "${HAPROXY_CONTINENT}"
 	http-response set-header X-Server-CN "${HAPROXY_CONTINENT}"
 	http-response set-header X-User-CN %[var(txn.xcn)]
 	http-response set-header Alt-Svc %[var(txn.xcn),map(/etc/haproxy/map/alt-svc.map)] if !match_server_continent
 	# header checks for no caching
 	# acl auth_cookie_set res.hdr(Set-Cookie),lower -m found
--- a/haproxy/map/alt-svc.map
+++ b/haproxy/map/alt-svc.map
@ -1,2 +1,3 @@
 EU h2="eur-hostname.com:443";
 NA h2="usa-hostname.com:443";
 OC h2="oce-hostname.com:443";
--- a/haproxy/map/blockedasn.map
+++ b/haproxy/map/blockedasn.map
@ -1 +0,0 @@
 #12345 admin:asdf
--- a/haproxy/map/blockedcc.map
+++ b/haproxy/map/blockedcc.map
@ -1 +0,0 @@
 AU admin