On Sun, Feb 10, 2019 at 1:00 PM Moemen MHEDHBI <mmhed...@haproxy.com> wrote:
> For example, it is not the role of a reverse proxy to fetch a Web resource so 
> returning "404 Not found" won't make much sense and will make debug harder 
> when trying to identify where the 404 originated from.


For starters, if one assumes that HAProxy is (capable of) more than a
"reverse proxy", then you quickly start to see all sorts of use-cases,
especially in the realm of WAF (Web Application Firewalls).

For example it is notorious that many (less popular) frameworks are
too "leaky" in their error pages (especially in the 502 area), and
provide too much information that could be used by an attacker to
"scout" around.  Therefore I always have a rule in my HAProxy in which
if the backend doesn't respond with a "proper" code (in the 200 and
300 range), I just mask that with a `http-response deny`.

A similar approach I wanted to take with 404, in masking certain URLs
that are not actually allowed outside the "trusted" networks.


> That being said, it is still very useful to be able to make a reverse proxy 
> send any desired response. So you can do that by hard coding the error you 
> want to send in the errorfile. Example:
>
> errorfile 400 /tmp/400
> http-request deny deny_status 400 if { path_beg /test }
>
> Then in your /tmp/400:
>
> HTTP/1.1 404 Not Found


I know about the fact that in the `errorfile` you can put verbatim any
valid HTTP response; unfortunately the number of error codes is quite
limited.  (And 400 is not the same as 404.)


> HAProxy provides a cache, which was designed to perform cache on small 
> objects (favicon, css...). So this may be what you are looking for.

Unfortunately the feature I'm proposing is not a way to "offload"
load from the actual web server (where the caching feature would
help), but instead a way of being able to serve some "operational" pages
straight out of HAProxy, without additional backend servers (or Lua
code).

Again this use-case is geared more towards CDN custom error pages or
service routers.

Ciprian.
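
The two techniques discussed in this message, combined into one configuration as an added example (not taken from either poster's setup). The section names `fe_main` and `be_app`, the ACL names, the address ranges and the backend address are assumptions; `/tmp/400` and `/test` come from the quoted reply.

```haproxy
# /tmp/400 is sent to the client verbatim, so it must be a complete
# raw HTTP response (status line, headers, blank line, body), e.g.:
#
#   HTTP/1.1 404 Not Found
#   Cache-Control: no-cache
#   Connection: close
#   Content-Type: text/html
#
#   <html><body><h1>404 Not Found</h1></body></html>

frontend fe_main
    mode http
    bind :80

    # Constructed "trusted" ranges (RFC 1918); substitute your own.
    acl from_trusted  src 10.0.0.0/8 192.168.0.0/16
    acl internal_path path_beg /test

    # HAProxy treats this as a 400 deny, but the client receives
    # whatever status line the file carries (here a 404).
    errorfile 400 /tmp/400
    http-request deny deny_status 400 if internal_path !from_trusted

    default_backend be_app

backend be_app
    mode http
    # Mask any backend response outside the 2xx/3xx range: the rule
    # rejects it and HAProxy emits its own 502 page instead, so the
    # framework's error output never reaches the client.
    http-response deny unless { status 200:399 }
    server app1 127.0.0.1:8080
```

With this setup the HAProxy logs record the deny with status 400 while the client sees 404, and every masked backend error appears to the client as a 502, so the logs rather than the response are the place to tell the cases apart.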
