The rule type can be applied at different moments during request processing. Hence, some rules are available in service only, others in the farm only, and some in both of them.

Rules available once incoming the connection has been accepted:

  • tcpreqconn (service only)

Rules available once the data has arrived on a client connection:

  • tcpreqcont , available in both service and farm

  • httpreq , available in both service and farm

  • redirect , available in both service and farm

Rules available in service only to choose an alternative farm:

  • usefarm

Rules available in farm only to choose to force traffic to a server:

  • useserver

  • tcprspcont

Other rule types are available to perform third party actions in HAProxy:

  • Health checking: tcpcheck

  • Stickiness: stickreq, stickrsp

tcpreqconn

Definition: Perform an action on an incoming connection:

type

  • Definition: action to perform

  • Type: enum

  • Default value: none

Value

Description

accept

Accept an incoming connection

reject

Reject an incoming connection

cond

  • Definition: Condition to apply the rule

  • Type: enum

  • Default value: Positive match

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

httpreq

Definition: Perform an action on an incoming HTTP request.

type

  • Definition: action to perform

  • Type: enum

  • Default value: none

Value

Description

allow

Accept incoming request; stop evaluation of next rules

deny

Reject incoming request; stop evaluation of next rules

auth

Stop the evaluation of the rules; answer with a 401 or 407 to invite the client to authenticate itself

redirect

Perform an HTTP redirection rule

tarpit

Block the request during timeout tarpit period of time; stop evaluation of next rules

add-header

Append an HTTP header field in the request

set-header

Append an HTTP header field in the request; but delete first any field with the same name

set-log-level

Change the log level for the current HTTP (req+resp) session

auth-realm

Note

This is ignored if httpreq is not set to auth.

  • Definition: Authentication realm string

  • Type: string

  • Default value: none

log-level

Note

This is ignored if httpreq is not set to set-log-level.

  • Definition: Log level to use

  • Type: enum

  • Default value: none

  • Values: Standard syslog levels: debug, info, notice, warning, err, crit, alert, emerg or their integer equivalent, respectively 0, 1, 2, 3, 4, 5, 6, 7* A specific keyword silent to prevent generating the log line, or integer 8.

redir-type

Note

This is ignored if httpreq is not set to redirect.

  • Definition: Type of HTTP redirection to perform

  • Type: enum

  • Default value: none

Value

Description

location

Exact redir-to value is placed in the Location header field

prefix

Use redir-to concatened to current URI path (including query string) to create the Location header

scheme

Use to change the URL scheme: redir-to is concatenated to the first occurrence of the Host header and the URI path, including the query string

redir-to

Note

This is ignored if httpreq is not set to redirect.

  • Definition: A string to use when building the Location header

  • Type: string

  • Default value: none

redir-code

Note

This is ignored if httpreq is not set to redirect.

  • Definition: HTTP Status code used to perform the redirection (usually, 301 or 302)

  • Type: integer

  • Default value: none

hdr-name

Note

This is ignored if httpreq is not set to add-header or set-header.

  • Definition: Name of the HTTP header field

  • Type: string

  • Default value: none

cond

  • Definition: Condition to apply the rule

  • Type: enum

  • Default value: Positive match

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

redirect

We highly recommend using thehttpreq redirect rule rather than the redirect rule. It is easier to understand a configuration that uses only http-request rules instead of a mix of different types of directives.

type

  • Definition: Type of HTTP redirection to perform

  • Type: enum

  • Default value: none

Value

Description

location

Exact to value is placed in the Location header field

prefix

Use to concatened to current URI path (including query string) to create the Location header

scheme

Use to change the URL scheme: redir-to is concatenated to the first occurrence of the Host header and the URI path, including the query string

to

  • Definition: String to use when building the Location header

  • Type: string

  • Default value: none

code

  • Definition: HTTP Status code used to perform the redirection (usually 301 or 302)

  • Type: enum

  • Default value:

cond

  • Definition: condition to apply the rule

  • Type: Positive match

  • Default value:

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

usefarm

Definition: Content switching rule to route traffic to a farm.

target-farm

  • Definition: Name of the farm to route the traffic to

  • Type: string

  • Default value: none

cond

  • Definition: condition to apply the rule

  • Type: Positive match

  • Default value:

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

tcprspcont

Definition: Pperform an action on a session response.

type

  • Definition: Action to perform

  • Type: enum

  • Default value: none

Value

Description

accept

Accept an incoming connection

reject

Reject an incoming connection

cond

  • Definition: condition to apply the rule

  • Type: Positive match

  • Default value:

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

useserver

Definition: content switching rule to route traffic to a server.

target-server

  • Definition: Name of the server to route the traffic to

  • Type: string

  • Default value: none

cond

  • Definition: condition to apply the rule

  • Type: Positive match

  • Default value:

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

stickreq

Definition: Match and/or set stickiness during the request.

type

  • Definition: Action to perform

  • Type: enum

  • Default value: none

Value

Description

matchandstore

Match the pattern in the tableand stores it if not found

matchonly

Match the pattern in the table

storeonly

Store the pattern in the table

pattern

  • Definition: Fetch expression to the retrieve key used to perform stickiness

  • Type: string

  • Default value: none

table

  • Definition: Stick table name

  • Type: string

  • Default value: none; if not set, use the stick table from the local farm

cond

  • Definition: condition to apply the rule

  • Type: Positive match

  • Default value:

  • Values:

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

stickrsp

Definition: Match and/or set stickiness during the request.

type

  • Definition: Action to perform

  • Type: enum

  • Default value: none

Value

Description

storeonly

Store the pattern in the table

pattern

  • Definition: Fetch expression to the retrieve key used to perform stickiness

  • Type: string

  • Default value: none

table

  • Definition: Stick table name

  • Type: string

  • Default value: none; if not set, use the stick table from the local farm

cond

  • Definition: condition to apply the rule

  • Type: Positive match

  • Default value:

Value

Description

if

Positive match: apply the rule if cond_test matches

unless

Negative match: apply the rule if cond_test does not match

cond-test

  • Definition: HAProxy ACL(s) to perform conditions

  • Type: string

  • Default value: none

tcpcheck

Definition: Send or expect a sequence to perform a server health check.

type

  • Definition: Action to perform

  • Type: enum

  • Default value: none

Value

Description

connect

Establish a TCP connection to the server

send

Send raw data to the server

expect

Match content in data returned by the server

connect-port

Note

This is ignored if type is not set to connect.

  • Definition: TCP to connect to

  • Type: integer

  • Default value: Server's port

connect-ssl

Note

This is ignored if type is not set to connect.

  • Definition: Establish a TLS connection

  • Type: enum; value accepted: enabled

  • Default value: disabled

expect-failonmatch

Note

This is ignored if type is not set to expect.

  • Definition: Pattern (string or hexadecimal representation) to match against server response

  • Type: string

  • Default value: none

expect-match

Note

This is ignored if type is not set to expect.

  • Definition: type of matching to perform

  • Type: enum

  • Default value: string

Value

Description

binary

Binary (hexadecimal) matching

rstring

Regular expression

string

Regular string comparison

expect-pattern

Note

This is ignored if type is not set to expect.

  • Definition: Pattern (string or hexadecimal representation) to match against server response.

  • Type: string

  • Default value: none

send-data

Note

This is ignored if type is not set to send.

  • Definition: Data to send to the server

  • Type: enum

  • Default value: string

send-format

Note

This is ignored if type is not set to send.

  • Definition: Format of the data to send to the server

  • Type: enum

  • Default value: string

Value

Description

binary

Binary (hexadecimal) matching

string

Regular string comparison