magneticio / vamp

Vamp - canary releasing and autoscaling for microservice systems
http://vamp.io
Apache License 2.0

Virtual host acls applied to the wrong port (haproxy) #941

Closed RoelVanNyen closed 7 years ago

RoelVanNyen commented 7 years ago

I was trying to expose a service to the outside only through a virtual host, not through other names or IP addresses.

I set the environment variable: "VAMP_OPERATION_GATEWAY_VIRTUAL_HOSTS_ENABLED": "false"

However, the result is that I can still access the service through anything else, such as an IP address or a CNAME. After reading the HAProxy config, it seems to me that the vhost ACLs are only generated on port 80 and not on 9050, where they need to be.

My vamp file:

# Vamp blueprint from the report: one gateway on port 9050 with a single
# virtual host, routed to the "port" of the kafka-manager cluster.
name: kafka-manager
kind: blueprint
metadata: {}
gateways:
  '9050':
    port: '9050'
    sticky: null
    # The one host name the reporter wants the service to answer on. In the
    # generated HAProxy config quoted in this report, this name shows up only
    # as a Host-header ACL on the :80 frontend, not on the :9050 frontend.
    virtual_hosts:
    - myvirtualhostname.mydomain.com
    routes:
      kafka-manager/port:
        lookup_name: ad3052d9d262a771bbbfb6f5325a227e7f1e01e7
        weight: null
        balance: default
        condition: null
        condition_strength: null
        rewrites: []
clusters:
  kafka-manager:
    metadata: {}
    services:
    - breed:
        name: kafka-manager
        kind: breed
        metadata: {}
        deployable:
          type: container/docker
          definition: sheepkiller/kafka-manager:1.3.0.8
        ports:
          # presumably container port 9000, HTTP — confirm against the Vamp docs
          port: 9000/http
        environment_variables:
          ZK_HOSTS: zk-1.zk:2181,zk-2.zk:2181,zk-3.zk:2181,zk-4.zk:2181,zk-5.zk:2181
          KM_ARGS: -Dkafka-manager.base-zk-path=/kafka-manager
          # NOTE(review): application secret written inline in the blueprint
          # and published with this report. Treat this value as exposed,
          # rotate it, and supply it from a secret store instead of the
          # blueprint text.
          APPLICATION_SECRET: dfsfsdfsd
        constants: {}
        arguments: []
        dependencies: {}
      environment_variables: {}
      scale:
        cpu: 0.2
        memory: 512.00MB
        instances: 1
      arguments: []
      dialects: {}
    gateways: {}
    dialects: {}
environment_variables: {}

The result is this:

# HAProxy - Frontends & Backends managed by Vamp

# Virtual hosts

# Shared virtual-host frontend: listens on port 80 on every interface and
# selects a backend from the request's Host header.
frontend virtual_hosts

  bind 0.0.0.0:80
  mode http

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""

  # destination: kafka-manager/9050
  # Case-insensitive Host-header match for the blueprint's virtual host. In
  # the config shown, this is the only place the host name is checked. The
  # match selects a route; it is not access control, because the client
  # chooses the Host header. No default_backend is declared in this section,
  # so other Host values are not routed from here.
  acl 57e73520208d1003 hdr(host) -i myvirtualhostname.mydomain.com
  use_backend c34b8e3d18085e0461cab4e94d282e6ef74ab285  if 57e73520208d1003  

# backend: kafka-manager/9050
# Target of the virtual-host rule: requests matched on :80 are passed on to
# the gateway's own listener on 127.0.0.1:9050.
backend c34b8e3d18085e0461cab4e94d282e6ef74ab285

  balance roundrobin
  mode http

  # forwardfor adds the client address as X-Forwarded-For; the set-header
  # line records the destination port of the incoming connection.
  option forwardfor
  http-request set-header X-Forwarded-Port %[dst_port]

  # server: kafka-manager/9050
  # Loopback hop into the "frontend: kafka-manager/9050" listener, so that
  # listener must stay reachable on 127.0.0.1 for the virtual host to work.
  server c34b8e3d18085e0461cab4e94d282e6ef74ab285 127.0.0.1:9050

# Port mapping

# frontend: kafka-manager/9050
# NOTE(review): this is the listener the report is about. It is bound to
# every interface and has no acl/use_backend rules, so default_backend gets
# every request arriving on :9050 whatever Host header it carries. If only
# the virtual host should be reachable from outside, this bind has to be
# narrowed (for example to the loopback address the virtual-host backend
# connects to) or the port filtered at the network level. The issue was
# closed with a pointer to changing the VGA template.
frontend c34b8e3d18085e0461cab4e94d282e6ef74ab285

  bind 0.0.0.0:9050

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""
  mode http

  # backend: other kafka-manager/9050
  default_backend o_c34b8e3d18085e0461cab4e94d282e6ef74ab285

# frontend: other kafka-manager/9050
# Internal listener on a unix socket rather than a TCP port. accept-proxy
# means it expects a PROXY protocol header from the connecting side. No
# server line in the config shown points at this socket.
frontend o_c34b8e3d18085e0461cab4e94d282e6ef74ab285

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""

  bind unix@/usr/local/vamp/o_c34b8e3d18085e0461cab4e94d282e6ef74ab285.sock accept-proxy
  mode http

  # backend: other kafka-manager/9050
  default_backend o_c34b8e3d18085e0461cab4e94d282e6ef74ab285

# frontend: kafka-manager/9050//kafka-manager/kafka-manager/port
# Route-level listener for the gateway's single route. It is reachable only
# through its unix socket, which "backend: other kafka-manager/9050" uses as
# its server (send-proxy there pairs with accept-proxy here).
frontend 13767c22ef90db5672fc16d1c866fff4c6151bad

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""

  bind unix@/usr/local/vamp/13767c22ef90db5672fc16d1c866fff4c6151bad.sock accept-proxy
  mode http

  # backend: kafka-manager/9050//kafka-manager/kafka-manager/port
  default_backend 13767c22ef90db5672fc16d1c866fff4c6151bad

# frontend: kafka-manager/kafka-manager/port
# NOTE(review): second TCP listener for the same service. Like the :9050
# frontend it is bound to every interface with no Host rule, so the service
# is also reachable directly on :40002. The gateway's route backend connects
# to it via 127.0.0.1:40002, so any restriction on external access has to
# cover this port as well.
frontend 6c81bb5cab43bd7943c5fe30255012eb7e412586

  bind 0.0.0.0:40002

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""
  mode http

  # backend: other kafka-manager/kafka-manager/port
  default_backend o_6c81bb5cab43bd7943c5fe30255012eb7e412586

# frontend: other kafka-manager/kafka-manager/port
# Internal unix-socket listener expecting a PROXY protocol header
# (accept-proxy). No server line in the config shown points at this socket.
frontend o_6c81bb5cab43bd7943c5fe30255012eb7e412586

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""

  bind unix@/usr/local/vamp/o_6c81bb5cab43bd7943c5fe30255012eb7e412586.sock accept-proxy
  mode http

  # backend: other kafka-manager/kafka-manager/port
  default_backend o_6c81bb5cab43bd7943c5fe30255012eb7e412586

# frontend: kafka-manager/kafka-manager/port//kafka-manager/kafka-manager/kafka-manager/port
# Last internal hop before the service instance. It is reachable only through
# its unix socket, which "backend: other kafka-manager/kafka-manager/port"
# uses as its server.
frontend 5ea14b3dae77a90e9d19b1cd237dd499e9415895

  option httplog
  log-format """{\"ci\":\"%ci\",\"cp\":%cp,\"t\":\"%t\",\"ft\":\"%ft\",\"b\":\"%b\",\"s\":\"%s\",\"Tq\":%Tq,\"Tw\":%Tw,\"Tc\":%Tc,\"Tr\":%Tr,\"Tt\":%Tt,\"ST\":%ST,\"B\":%B,\"CC\":\"%CC\",\"CS\":\"%CS\",\"tsc\":\"%tsc\",\"ac\":%ac,\"fc\":%fc,\"bc\":%bc,\"sc\":%sc,\"rc\":%rc,\"sq\":%sq,\"bq\":%bq,\"hr\":\"%hr\",\"hs\":\"%hs\",\"r\":%{+Q}r}"""

  bind unix@/usr/local/vamp/5ea14b3dae77a90e9d19b1cd237dd499e9415895.sock accept-proxy
  mode http

  # backend: kafka-manager/kafka-manager/port//kafka-manager/kafka-manager/kafka-manager/port
  default_backend 5ea14b3dae77a90e9d19b1cd237dd499e9415895

# backend: other kafka-manager/9050
# Default backend of the :9050 listener. Its single server is the route's
# unix-socket frontend, so everything accepted on :9050 continues down the
# route with no Host check at this step either.
backend o_c34b8e3d18085e0461cab4e94d282e6ef74ab285

  mode http
  balance roundrobin

  # server: kafka-manager/9050//kafka-manager/kafka-manager/port
  # send-proxy prepends the PROXY protocol header that the socket's
  # accept-proxy bind expects.
  server 13767c22ef90db5672fc16d1c866fff4c6151bad unix@/usr/local/vamp/13767c22ef90db5672fc16d1c866fff4c6151bad.sock send-proxy weight 100 check 

# backend: kafka-manager/9050//kafka-manager/kafka-manager/port
# Route backend for gateway 9050: forwards over loopback to the :40002
# listener of the kafka-manager cluster port.
backend 13767c22ef90db5672fc16d1c866fff4c6151bad

  mode http
  balance roundrobin

  option forwardfor
  # server: kafka-manager/kafka-manager/port
  server af85b5bc7f568a54b59e1eacd50e76abfab62126 127.0.0.1:40002   cookie af85b5bc7f568a54b59e1eacd50e76abfab62126 weight 100 check  

# backend: other kafka-manager/kafka-manager/port
# Default backend of the :40002 listener. Its single server is the unix
# socket of the last internal frontend, reached with the PROXY protocol
# (send-proxy).
backend o_6c81bb5cab43bd7943c5fe30255012eb7e412586

  mode http
  balance roundrobin

  # server: kafka-manager/kafka-manager/port//kafka-manager/kafka-manager/kafka-manager/port
  server 5ea14b3dae77a90e9d19b1cd237dd499e9415895 unix@/usr/local/vamp/5ea14b3dae77a90e9d19b1cd237dd499e9415895.sock send-proxy weight 100 check 

# backend: kafka-manager/kafka-manager/port//kafka-manager/kafka-manager/kafka-manager/port
# End of the chain: the only backend in the config shown whose server is a
# non-loopback address.
backend 5ea14b3dae77a90e9d19b1cd237dd499e9415895

  mode http
  balance roundrobin

  option forwardfor
  # server: kafka-manager_kafka-manager.743fdb54-07e0-11e7-b8e5-70b3d5800002
  # presumably the running kafka-manager container instance — confirm against
  # the container scheduler
  server 25b10ccd413acbe185f30d4703e9ec3a82a912fe 10.0.3.9:22597  cookie 25b10ccd413acbe185f30d4703e9ec3a82a912fe weight 100 check  
olafmol commented 7 years ago

assigning to @iamtew to reproduce and confirm

olafmol commented 7 years ago

closing this as the requirement can be solved by modifying the VGA template