On Sat, Mar 09, 2019 at 11:20:41AM +0200, Ciprian Dorin Craciun wrote:
> On Sat, Mar 9, 2019 at 10:45 AM DHAVAL JAISWAL <dhava...@gmail.com> wrote:
> > frontend loadbalancer_mycom
> > bind 10.100.22.30:80
> > mode http
> >
> > redirect scheme https if !{ ssl_fc }
>
>
> If this line is the one that makes the redirect (and exposes the
> internal IP in case of HTTP/1.0) then you can't fix it as it's part of
> HAProxy internal code.
Note that haproxy will not disclose addresses or whatever, it will
simply build the redirect based on the Host and URI it received. This
probably means that ELB itself has added the Host header with the
internal address when it should not have done so, and is disclosing
this info itself. Or maybe it's adding a Host header field with its
own (ELB) listening address. Probably they need this to upgrade from
1.0 to 1.1 in order to reuse connections.
Willy
