Searching HAProxy Enterprise 1.9r1
Detecting Devices with DeviceAtlas
DeviceAtlas provides a common device identifier to understand device traffic across all connected environments.
This module enables device identification using HTTP headers to allow administrators to make decisions based on the device type, among other properties. It also provides live updates of databases, similar to HAProxy's Update module for maps/ACLs.
Tip
- HAProxy Enterprise only: This module requires an active HAProxy
-
Enterprise subscription. Please contact us if you would like to learn more or begin a free trial.
Install the DeviceAtlas module
Get the DeviceAtlas database (JSON file) from https://deviceatlas.com/deviceatlas-haproxy-module.
-
After you extract the file, run the following command:
$ make TARGET=<target> USE_PCRE=1 USE_DEVICEATLAS=1 DEVICEATLAS_SRC=<path to the API root folder>
-
Install the DeviceAtlas module according to your platform:
$ sudo apt install hapee-1.9r1-lb-da
or
$ sudo yum install hapee-1.9r1-lb-da
Configure the DeviceAtlas module
-
In the
global
section of the HAProxy configuration file, add the following:global module-load hapee-lb-da.so deviceatlas-json-file <path to json file>
Update the database during runtime
Install the package
hapee-1.9r1-lb-da-update
.-
Add following to the
global
section of your configuration file:global module-load hapee-lb-da-update.so deviceatlas-update url http://192.168.122.1/deviceatlas-sample.json delay 24h log
With this configuration, HAProxy downloads the database every 24 hours, and displays a message in the logs when it succeeds or if it encountered errors during the update.
Global parameters
The global
section for the hapee-lb-da
module supports the following directives:
Directive | Description |
---|---|
| Loads a DeviceAtlas database. |
| Specifies the separator to use within the output. Defaults to a pipe symbol (|). |
| Sets the log level, which can be set to a number between 0 and 3 (defaults to 0):
|
| The name of the DeviceAtlas Client-side Component cookie, if using client-side properties. Defaults to DAPROPS. |
The global
section for the hapee-lb-da-update
module supports the following directives:
Directive | Description |
---|---|
| Enables updating the database over HTTP from the specified URL. Updating a database with a newer version invalidates any cached lookups (if caching is used), unless you enable |
where:
url <url>
requiredSpecifies the database update URL. The updated data can be either JSON or precompiled JSON.
delay <u>
Specifies the period between each attempt to download a new database version. The delay is a simplified version of the
xdelay
keyword.
xdelay <u s b r>
<u>
specifies the period between each attempt to download a new database version
<s>
specifies the initial (first) download delay
<b>
specifies the delay between the download of each element of the databaseIf the download fails,
<r>
determines the delay for the next attemptDefault values are: u = 5m, s = 5s, b = 10s, and r = 30s
timeout <t>
Specifies the HTTP connection timeout for attempts to download a new database version.
The value is set in milliseconds by default, but you can set it to any other unit if you add a unit suffix to the number.
Defaults to 5 seconds.
retries <n>
Specifies the number of retries to download a new DeviceAtlas database version. If not set, the global
retries
value applies (defaults to 3).
checksum
If set, determines the use of the
SHA1
control sum to verify that the contents of the recently downloaded database is identical to the current one. If they are identical, then live-reload of the database does not occur, thereby preserving the cached contents (if using caching). See note below.
hash
If set, enables authentication of the downloaded data.
Each file undergoing upgrade must have the associated file with
SHA1
checksum.A
SHA1
checksum file has the extension .sha1.The typical way of creating a
SHA1
checksum file is:sha1sum file > file.sha1
.
modified
Specifies the use of the time from the
Last-Modified
response HTTP header. Example: checks whether to update the data using theIf-Modified-Since
request HTTP header. See note below.
source <addr>[:<port>]
Sets the source address for outgoing connections.
<addr>
is the IPv4 address HAProxy binds to before it connects to a serverThe default value is 0.0.0.0 to let the system select the most optimal address to reach its destination
<port>
is optionalThe default value of zero means that the system selects a free port
Does not support port ranges
log
Specifies whether to log operation errors.
dontlog-normal
Deactivates logging of successful updates.
param*
Lists other server parameters that are useful for configuring SSL features.
Note
When you set parameters for maxmind-update
, the options checksum
and modified
are mutually exclusive. If you define them at the same time, the option modified
automatically switches off and a warning message prints when HAProxy starts.
Converter
HAProxy uses the converter da-csv-conv
converter to perform a lookup in the database and returns the values of the specified properties.
Syntax:
da-csv-conv(<prop>[,<prop>*])
listen DeviceAtlas-module-test
bind *:10080
mode http
server localhost 127.0.0.1:8000
http-request set-header X-DeviceAtlas-Data %[req.hdr(user-agent),da-csv-conv(primaryHardwareType,osName,osVersion,browserName,browserVersion,browserRenderingEngine)]
This creates an HTTP request header that looks like this: X-Deviceatlas-Data: Desktop|Windows 10|NT 10.0|Firefox|68.|Gecko
.
HAProxy Runtime API
The following Runtime API commands are available:
| Sets the debug level. The default is 7. Use this command only when the module runs in debug mode; in normal use, it has no significance. |
| Provides instrumentation describing space usage.
|
| Displays the module configuration. |
| Displays the module status. |
| Runs the update at a time specified with the
|
DeviceAtlas use cases
There are two distinct methods available when using DeviceAtlas: one that leverages all HTTP headers, and one that uses only a single HTTP header for detection. We recommend the "All HTTP headers" method because it's more accurate.
Transmit DeviceAtlas data downstream to the target application
-
From all HTTP headers via the sample
fetch
:# Used in the a frontend, listen, or backend section http-request set-header X-DeviceAtlas-Data %[da-csv-fetch(primaryHardwareType,osName,osVersion,browserName,browserVersion,browserRenderingEngine)]
-
From a single HTTP header (e.g. User-Agent) via the converter:
# Used in the a frontend, listen, or backend section http-request set-header X-DeviceAtlas-Data %[req.fhdr(User-Agent),da-csv-conv(primaryHardwareType,osName,osVersion,browserName,browserVersion,browserRenderingEngine)]
Switch mobile content with ACL
-
From all HTTP headers via the sample
fetch
:# Used in the a frontend, listen, or backend section acl is_mobile da-csv-fetch(mobileDevice) 1
-
From a single HTTP header:
# Used in the a frontend, listen, or backend section acl device_type_tablet req.fhdr(User-Agent),da-csv-conv(primaryHardwareType) "Tablet"