Hi, Thanks for you answer. I have just added "http-after-response
add-header Content-Type 'text/html'" at the FE level and now I have the
required header. Nice improvement but is there a way to extract the headers
and their values coming from the BE and inject them the same way, instead of
arbitrary forcing a value ? For that example it's quite ok to use a defined
value, but maybe having something more "dynamic" can help for future use cases.
Or maybe some URLs wil return JSON or something else and forcing the wrong type
will mess things up. As I am using Docker containers, I swicthed to 2.6.
Here is my currently running config : global
log stdout format raw local0 debug
ca-base /etc/ssl/certs
crt-base /etc/ssl/private # [TODO] Custom error page
#errorfile 503 /etc/haproxy/errors/503.http defaults
mode http
option httplog
option dontlognull
option h1-case-adjust-bogus-client log global
frontend web-vip
bind *:443 ssl crt /etc/ssl/certs/haproxy.pem bind *:80
http-request redirect scheme https unless { ssl_fc } ##################
# DOS protection #
##################
acl acl_dp_whitelist src A.B.C.D/24
http-request track-sc0 src table table_login_limiter
timeout tarpit 10s
http-request tarpit deny_status 429 if !acl_dp_whitelist { sc_get_gpc0(0) gt
10 }
http-response sc-inc-gpc0(0) if !acl_dp_whitelist { status 401 } ########
# ACLs #
########
# COMMON
acl acl_is_root path -i / # CAS
acl acl_cas_url path_dir -i cas # CAS PROTOCOL URIs (2.0 / 3.0)
acl acl_cas_login_uri path -i -m beg /login
acl acl_cas_logout_uri path -i -m beg /logout
acl acl_cas_service_validate_uri path -i -m beg /serviceValidate
acl acl_cas_proxy_validate_uri path -i -m beg /proxyValidate
acl acl_cas_proxy_uri path -i -m beg /proxy
acl acl_cas_validate_uri path -i -m beg /validate
http-after-response add-header Content-Type 'text/html'
###################################
# CAS missing prefix redirections #
###################################
#http-request redirect prefix /cas if acl_is_root || acl_cas_login_uri ||
acl_cas_logout_uri || acl_cas_service_validate_uri ||
acl_cas_proxy_validate_uri || acl_cas_proxy_uri || acl_cas_validate_uri
#####################
# Backend selection #
#####################
use_backend cas-server if acl_cas_url ############
# Backends #
############ #################
# Login limiter #
#################
backend table_login_limiter
stick-table type ip size 1m expire 60s store http_req_rate(60s),gpc0 #######
# CAS #
#######
backend cas-server
option http-keep-alive
option forwardfor http-response replace-header Location
(https?://%[req.hdr(Host)](:[0-9]+)?)?(/cas/)(.*) \1\4 if !{ capture.req.uri -m
beg /cas/ } server cas_local cas:8080 check Regards
Le 28-Jun-2022 12:43:11 +0200, al-hapr...@none.at a crit:
Hi.
On Tue, 28 Jun 2022 12:23:15 +0200
spfma.t...@e.mail.fr wrote:
> Hi, I have a problem to solve : I never paid attention to the fact HAProxy
> (2.5.1-86b093a) did not return HTTP headers in the reponses, because there
> was no complaints so far. But now we got one, because of an old application
> which needs at least "Content-Type" as some tests are performed before
> generating the content. If the devs don't fix it, I will have to find a
> solution on the load balancer side. The LB is serving content from a Tomcat
> server, wich is returning plenty of headers. So is there a way to add them
> in the response, like some "pass thru" ? I was not able to find useful
> informations so far, maybe because I don't know what concepts and directives
> are involved. As a very dumb and primitive test, I have added
> "http-response add-header Content-Type 'text/html'" at both FE and BE level,
> but the header is still not shown. Thanks for any help. Regards
>
> -------------------------------------------------------------------------------------------------
> FreeMail powered by mail.fr
Pleaese can you try to update HAProxy as there are ~150 Fixes in the latest
2.5. https://www.haproxy.org/bugs/bugs-2.5.1.html or try to use the latest
shiny 2.6 :-)
Can you share your current config.
Maybe the "http-after-response" could help in your case, but it's just a guess.
https://docs.haproxy.org/2.6/configuration.html#4.2-http-after-response%20set-header
Regards
Alex
-------------------------------------------------------------------------------------------------
FreeMail powered by mail.fr
