
haproxy: Add -m end option to match domain suffix
Closed, Resolved | Public | FEATURE REQUEST

Description

Summary
Request to add the -m end option for domain-name matches (i.e., a string that appears at the end).

Need something similar to this:

req_ssl_sni -i tenant.domain.com #match the subdomain of the tenant
req_ssl_sni -m end .tenant.domain.com #matches the wildcards of the subdomain of the tenant

The functionality of the first command already exists in https://github.com/vyos/vyos-1x/blob/current/data/templates/load-balancing/haproxy.cfg.j2#L129

Need an equivalent to the second command for end-of-domain matching.

Use case

acl tenant_sni req_ssl_sni -m end .tenant.domain.com
Creates an ACL named tenant_sni that matches HTTPS connections with SNI ending in .tenant.domain.com.

Details

Version
-
Is it a breaking change?
Perfectly compatible
Issue type
Feature (new functionality)
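
The two ACL forms from the description, placed side by side in a raw HAProxy TCP frontend. This is an added example, not VyOS-generated output or code from the task; the frontend and backend names, the 192.0.2.x addresses and the use of -i on the suffix ACL are assumptions.

```haproxy
# Added example: hand-written HAProxy config, not produced by the VyOS template.
# Names and 192.0.2.x addresses are constructed placeholders.
frontend fe_tls_passthrough
    mode tcp
    bind :443
    # Buffer the TLS ClientHello so the SNI is available to the ACLs.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req_ssl_hello_type 1 }

    # Exact match: only tenant.domain.com itself.
    acl tenant_exact req_ssl_sni -i tenant.domain.com

    # Suffix match: any SNI ending in ".tenant.domain.com".
    # The leading dot pins the match to a label boundary:
    #   app.tenant.domain.com    -> matches
    #   tenant.domain.com        -> no match (hence the exact ACL above)
    #   othertenant.domain.com   -> no match
    # Written without the dot ("-m end tenant.domain.com"), the last
    # name would match too and be routed to this tenant's backend.
    acl tenant_sni req_ssl_sni -i -m end .tenant.domain.com

    use_backend bk_tenant if tenant_exact or tenant_sni
    default_backend bk_default

backend bk_tenant
    mode tcp
    server tenant1 192.0.2.10:443 check

backend bk_default
    mode tcp
    server default1 192.0.2.20:443 check
```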

Event Timeline

c-po renamed this task from haproxy: Add -m end option to match domain suffix to haproxy: Add -m end option to match domain suffix. Aug 13 2025, 2:22 PM
c-po triaged this task as Normal priority.
sarthurdev changed the task status from Open to Needs testing. Aug 13 2025, 9:07 PM
sarthurdev claimed this task.
sarthurdev moved this task from Need Triage to Backport Candidates on the VyOS Rolling board.
sarthurdev subscribed.
sarthurdev moved this task from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q3) board.
sarthurdev moved this task from Backport Candidates to Completed on the VyOS Rolling board.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.