commit 13e9b0c9ed968e55612183127161ed84f4970bbb
author William Lallemand <wlallemand@irq6.net> Wed May 25 02:34:07 2016 +0200
committer Willy Tarreau <w@1wt.eu> Wed Jun 01 11:44:11 2016 +0200
tree 7e7b738616626c26da099e4c5698f2ff4b7b6645
parent 44be6405a1570f1e3b14e15a28f2ccf5743b491b

MEDIUM: tcp/http: new set-dst/set-dst-port actions

Like 'set-src' and 'set-src-port' but for destination address and port.
It's available in 'tcp-request connection' and 'http-request' actions.

doc/configuration.txt

diff --git a/doc/configuration.txt b/doc/configuration.txt
index d3ff223..678be44 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -3860,6 +3860,34 @@
       Be careful to use "set-src-port" after "set-src", because "set-src" sets
       the source port to 0.
 
+    - set-dst <expr> :
+      Is used to set the destination IP address to the value of specified
+      expression. Useful when a proxy in front of HAProxy rewrites destination
+      IP, but provides the correct IP in a HTTP header; or you want to mask
+      the IP for privacy. If you want to connect to the new address/port, use
+      '0.0.0.0:0' as a server address in the backend.
+
+         <expr>    Is a standard HAProxy expression formed by a sample-fetch
+                   followed by some converters.
+
+      Example:
+
+         http-request set-dst hdr(x-dst)
+         http-request set-dst dst,ipmask(24)
+
+    - set-dst-port <expr> :
+      Is used to set the destination port address to the value of specified
+      expression. If you want to connect to the new address/port, use
+      '0.0.0.0:0' as a server address in the backend.
+
+         <expr>    Is a standard HAProxy expression formed by a sample-fetch
+                   followed by some converters.
+
+      Example:
+
+         http-request set-dst-port hdr(x-port)
+         http-request set-dst-port int(4000)
+
     - "silent-drop" : this stops the evaluation of the rules and makes the
       client-facing connection suddenly disappear using a system-dependant way
       that tries to prevent the client from being notified. The effect it then
@@ -8718,6 +8746,34 @@
       Be careful to use "set-src-port" after "set-src", because "set-src" sets
       the source port to 0.
 
+    - set-dst <expr> :
+      Is used to set the destination IP address to the value of specified
+      expression. Useful if you want to mask IP for privacy in log.
+      If you want to provide an IP from a HTTP header use "http-request
+      set-dst". If you want to connect to the new address/port, use
+      '0.0.0.0:0' as a server address in the backend.
+
+         <expr>    Is a standard HAProxy expression formed by a sample-fetch
+                   followed by some converters.
+
+      Example:
+
+         tcp-request connection set-dst dst,ipmask(24)
+         tcp-request connection set-dst ipv4(10.0.0.1)
+
+    - set-dst-port <expr> :
+      Is used to set the destination port address to the value of specified
+      expression. If you want to connect to the new address/port, use
+      '0.0.0.0:0' as a server address in the backend.
+
+
+         <expr>    Is a standard HAProxy expression formed by a sample-fetch
+                   followed by some converters.
+
+      Example:
+
+         tcp-request connection set-dst-port int(4000)
+
     - "silent-drop" :
         This stops the evaluation of the rules and makes the client-facing
         connection suddenly disappear using a system-dependant way that tries