Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / 5c866200d4ec61e02676596d473a2af88916d45e^! / .
commit5c866200d4ec61e02676596d473a2af88916d45e[log] [tgz]
authorAlex <al-git001@none.at>Sat Jun 05 13:23:08 2021 +0200
committerWilly Tarreau <w@1wt.eu>Tue Jun 08 10:51:39 2021 +0200
tree1447f7697f4ad16e7e27d79d017a743df2af6e61
parent5e560e80c7ff5452f883eb30cdfdd350f9af121f [diff]
DOC: use the req.ssl_sni in examples

This patch should be backported to at least 2.0

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 6b7cc26..5b1768e 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -13228,16 +13228,16 @@
   The "use-server" statement works both in HTTP and TCP mode. This makes it
   suitable for use with content-based inspection. For instance, a server could
   be selected in a farm according to the TLS SNI field when using protocols with
-  implicit TLS (also see "req_ssl_sni"). And if these servers have their weight
+  implicit TLS (also see "req.ssl_sni"). And if these servers have their weight
   set to zero, they will not be used for other traffic.
 
   Example :
      # intercept incoming TLS requests based on the SNI field
-     use-server www if { req_ssl_sni -i www.example.com }
+     use-server www if { req.ssl_sni -i www.example.com }
      server     www 192.168.0.1:443 weight 0
-     use-server mail if { req_ssl_sni -i mail.example.com }
+     use-server mail if { req.ssl_sni -i mail.example.com }
      server     mail 192.168.0.1:465 weight 0
-     use-server imap if { req_ssl_sni -i imap.example.com }
+     use-server imap if { req.ssl_sni -i imap.example.com }
      server     imap 192.168.0.1:993 weight 0
      # all the rest is forwarded to this server
      server  default 192.168.0.2:443 check
@@ -18727,7 +18727,7 @@
   matching the HTTPS host name (253 chars or less). The SSL library must have
   been built with support for TLS extensions enabled (check haproxy -vv).
 
-  This fetch is different from "req_ssl_sni" above in that it applies to the
+  This fetch is different from "req.ssl_sni" above in that it applies to the
   connection being deciphered by HAProxy and not to SSL contents being blindly
   forwarded. See also "ssl_fc_sni_end" and "ssl_fc_sni_reg" below. This
   requires that the SSL library is built with support for TLS extensions
@@ -18998,13 +18998,13 @@
   the example below. See also "ssl_fc_sni".
 
   ACL derivatives :
-    req_ssl_sni : exact string match
+    req.ssl_sni : exact string match
 
   Examples :
      # Wait for a client hello for at most 5 seconds
      tcp-request inspect-delay 5s
      tcp-request content accept if { req_ssl_hello_type 1 }
-     use_backend bk_allow if { req_ssl_sni -f allowed_sites }
+     use_backend bk_allow if { req.ssl_sni -f allowed_sites }
      default_backend bk_sorry_page
 
 req.ssl_st_ext : integer