Bug #9261


haproxy GUI failure

Added by Suriname Clubcard over 5 years ago. Updated over 5 years ago.

Target version:
Start date:
Due date:
% Done:


Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:


The GUI is misbehaving. I'm unable to add a specific ACL via the GUI. Simply adding "http-request redirect scheme https code 301 if !{ ssl_fc }" to the "Advanced pass thru" fixed it but that should not have to be done.

I've written extensively on the forum about this problem (with screenprints): see

Basically the steps to reproduce the problem are:

1. Create a frontend, name it "test", save,
2. Open "test", add an ACL, notice there is no "Traffic is ssl (no value needed):" option,
3. Just to continue, name the ACL "https", expression="Host starts with:", value="https", save,
4. Open "test" once again, edit the ACL, notice now there is the "Traffic is ssl (no value needed):" option,
5. Change the expression to "Traffic is ssl (no value needed):", remove the value, save. Result: error (or the ACL was completely removed).

I tried above with both the haproxy package (package version 0.59_15, haproxy version 1.7.11) and the haproxy-devel package (0.59_15, 1.8.14).

Actions #1

Updated by Pi Ba over 5 years ago

The acl "Traffic is ssl (no value needed)" is using the actual haproxy option: "req.ssl_ver gt 0" this is one that only applies to frontends using mode TCP, and as such is hidden/removed when writing the configuration for a HTTP frontend. That you can see it when editing a old acl isnt supposed to happen, but i guess a little code that actually makes sure of hiding it then is missing.

So with regard to the webgui its 'mostly' working as intended. Changing a existing acl is rarely needed so its not that big an issue that a few 'undesirable' options show up then. imho anyhow. But well i guess it is a little bug.

As for your desired acl option 'ssl_fc', it does currently not exits in the webgui. Which only supports a subset of haproxy's complete feature set.

I guess it could make a good addition though, it seems the ssl_fc is fairly often used in various native haproxy configurations on the web.


Also available in: Atom PDF