Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / fb35620e87c229d61ade55269203d6bf974bfb30^! / . / doc / configuration.txt
commitfb35620e87c229d61ade55269203d6bf974bfb30[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Tue Aug 03 14:02:05 2010 +0200
committerWilly Tarreau <w@1wt.eu>Tue Aug 10 14:10:58 2010 +0200
tree479ea96c8aab1c3230953c9138bfeee98f9c6975
parent6df7a0e7d328d07fc327d55280697f797ecc76f0 [diff] [blame]
[MEDIUM] session: support "tcp-request content" rules in backends

Sometimes it's necessary to be able to perform some "layer 6" analysis
in the backend. TCP request rules were not available till now, although
documented in the diagram. Enable them in backend now.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index d1fa1fa..02e765f 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -5171,10 +5171,12 @@
 tcp-request content accept [{if | unless} <condition>]
   Accept a connection if/unless a content inspection condition is matched
   May be used in sections :   defaults | frontend | listen | backend
-                                 no    |    yes   |   yes  |   no
+                                 no    |    yes   |   yes  |   yes
 
   During TCP content inspection, the connection is immediately validated if the
   condition is true (when used with "if") or false (when used with "unless").
+  TCP content inspection applies very early when a connection reaches a
+  frontend, then very early when the connection is forwarded to a backend.
   Most of the time during content inspection, a condition will be in an
   uncertain state which is neither true nor false. The evaluation immediately
   stops when such a condition is encountered. It is important to understand
@@ -5197,10 +5199,12 @@
 tcp-request content reject [{if | unless} <condition>]
   Reject a connection if/unless a content inspection condition is matched
   May be used in sections :   defaults | frontend | listen | backend
-                                 no    |    yes   |   yes  |   no
+                                 no    |    yes   |   yes  |   yes
 
   During TCP content inspection, the connection is immediately rejected if the
   condition is true (when used with "if") or false (when used with "unless").
+  TCP content inspection applies very early when a connection reaches a
+  frontend, then very early when the connection is forwarded to a backend.
   Most of the time during content inspection, a condition will be in an
   uncertain state which is neither true nor false. The evaluation immediately
   stops when such a condition is encountered. It is important to understand
@@ -5234,7 +5238,7 @@
 tcp-request inspect-delay <timeout>
   Set the maximum allowed time to wait for data during content inspection
   May be used in sections :   defaults | frontend | listen | backend
-                                 no    |    yes   |   yes  |   no
+                                 no    |    yes   |   yes  |   yes
   Arguments :
     <timeout> is the timeout value specified in milliseconds by default, but
               can be in any other unit if the number is suffixed by the unit,
@@ -5246,6 +5250,11 @@
   the data then analyze them. This statement simply enables withholding of
   data for at most the specified amount of time.
 
+  TCP content inspection applies very early when a connection reaches a
+  frontend, then very early when the connection is forwarded to a backend. This
+  means that a connection may experience a first delay in the frontend and a
+  second delay in the backend if both have tcp-request rules.
+
   Note that when performing content inspection, haproxy will evaluate the whole
   rules for every new chunk which gets in, taking into account the fact that
   those data are partial. If no rule matches before the aforementioned delay,