MINOR: Refine route-acl rules to prevent unintended prefix matches

This commits updates the behavior of route-acl rules to ensure they do not unintentionally overwrite other rules that share the same prefix. For example, a rule matching the path /api should not inadvertently handle requests to /apiary.
haproxytech · Jan 9, 2025 · 236ea1d · 236ea1d
1 parent 1fba224
commit 236ea1d
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/pkg/route/route.go b/pkg/route/route.go
@@ -110,7 +110,8 @@ func AddCustomRoute(route Route, routeACLAnn string, api api.HAProxyClient) (err
 		if route.Path.PathTypeMatch == store.PATH_TYPE_EXACT {
 			routeCond = fmt.Sprintf("%s{ path %s }", routeCond, route.Path.Path)
 		} else {
-			routeCond = fmt.Sprintf("%s{ path -m beg %s }", routeCond, route.Path.Path)
+			path := strings.TrimSuffix(route.Path.Path, "/")
+			routeCond = fmt.Sprintf("%s{ path -m reg ^%s($|/) }", routeCond, path)
 		}
 	}
 	routeCond = fmt.Sprintf("%s { %s } ", routeCond, routeACLAnn)