Describe your problem. Include specific actions and error messages.
Hello
We have created the following Load-Balancer : 
openstack loadbalancer listener create --name tls-010-list --wait --protocol HTTP --protocol-port 80  tls-001 
openstack loadbalancer pool create --name tls-010-pool --wait --listener tls-010-list --protocol HTTP --lb-algorithm ROUND_ROBIN 
openstack loadbalancer healthmonitor create --name tls-010-hc --wait --delay 3 --timeout 2 --max-retries 2 --type TCP tls-010-pool 
openstack loadbalancer member create --name 10.10.10.10 --wait --address 10.10.10.10 --protocol-port 8080 tls-010-pool 
openstack loadbalancer l7policy create --name tls-010-policy --wait --action REJECT tls-010-list 
openstack loadbalancer l7rule create -wait --type FILE_TYPE --compare-type EQUAL_TO  -value png tls-010-policy 
 
We want to deny all HTTP traffic where a .png image is downloaded. 
This configuration is not working properly : the policy is not blocking a request to http://$vip/nginx-logo.png where the $vip is the LB VIP.
 
When we look to the HAProxy.conf file, we have the following configuration for the policy : 
 
mode http 
        acl 1a38f9ab-7add-4f39-9839-f3a34223a4ae path_end -m str png
         http-request deny if 1a38f9ab-7add-4f39-9839-f3a34223a4ae 
 
If we manually edit HAProxy configuration and remove the part '-m str' on the ACL line, and reload the HAProxy deamon, the loadbalancer starts to block the request to 'http://$vip/nginx-logo.png' 
 
We don't know at this stage if this wrong behavior is due to a bad configuration set from Octavia on the HAProxy or if this a bug on the HAProxy.
Thanks for your support.
 
Describe the impact to you or the business
No impact 
 
In what environment are you experiencing this behavior?
UAT
 
How frequently does this behavior occur? Does it occur repeatedly or at certain times?
repeatedly