Hi, Sorry to add a little up but I need to know if there is a way to send existing headers from the backend to the frontend, or if I have to ask the devs to modify their code and remove some tests. Regards
Le 28-Jun-2022 13:54:22 +0200, spfma.t...@e.mail.fr a crit: Hi, Thanks for you answer. I have just added "http-after-response add-header Content-Type 'text/html'" at the FE level and now I have the required header. Nice improvement but is there a way to extract the headers and their values coming from the BE and inject them the same way, instead of arbitrary forcing a value ? For that example it's quite ok to use a defined value, but maybe having something more "dynamic" can help for future use cases. Or maybe some URLs wil return JSON or something else and forcing the wrong type will mess things up. As I am using Docker containers, I swicthed to 2.6. Here is my currently running config : global log stdout format raw local0 debug ca-base /etc/ssl/certs crt-base /etc/ssl/private # [TODO] Custom error page #errorfile 503 /etc/haproxy/errors/503.http defaults mode http option httplog option dontlognull option h1-case-adjust-bogus-client log global frontend web-vip bind *:443 ssl crt /etc/ssl/certs/haproxy.pem bind *:80 http-request redirect scheme https unless { ssl_fc } ################## # DOS protection # ################## acl acl_dp_whitelist src A.B.C.D/24 http-request track-sc0 src table table_login_limiter timeout tarpit 10s http-request tarpit deny_status 429 if !acl_dp_whitelist { sc_get_gpc0(0) gt 10 } http-response sc-inc-gpc0(0) if !acl_dp_whitelist { status 401 } ######## # ACLs # ######## # COMMON acl acl_is_root path -i / # CAS acl acl_cas_url path_dir -i cas # CAS PROTOCOL URIs (2.0 / 3.0) acl acl_cas_login_uri path -i -m beg /login acl acl_cas_logout_uri path -i -m beg /logout acl acl_cas_service_validate_uri path -i -m beg /serviceValidate acl acl_cas_proxy_validate_uri path -i -m beg /proxyValidate acl acl_cas_proxy_uri path -i -m beg /proxy acl acl_cas_validate_uri path -i -m beg /validate http-after-response add-header Content-Type 'text/html' ################################### # CAS missing prefix redirections # ################################### #http-request redirect prefix /cas if acl_is_root || acl_cas_login_uri || acl_cas_logout_uri || acl_cas_service_validate_uri || acl_cas_proxy_validate_uri || acl_cas_proxy_uri || acl_cas_validate_uri ##################### # Backend selection # ##################### use_backend cas-server if acl_cas_url ############ # Backends # ############ ################# # Login limiter # ################# backend table_login_limiter stick-table type ip size 1m expire 60s store http_req_rate(60s),gpc0 ####### # CAS # ####### backend cas-server option http-keep-alive option forwardfor http-response replace-header Location (https?://%[req.hdr(Host)](:[0-9]+)?)?(/cas/)(.*) \1\4 if !{ capture.req.uri -m beg /cas/ } server cas_local cas:8080 check Regards Le 28-Jun-2022 12:43:11 +0200, al-hapr...@none.at a crit: Hi. On Tue, 28 Jun 2022 12:23:15 +0200 spfma.t...@e.mail.fr wrote: > Hi, I have a problem to solve : I never paid attention to the fact HAProxy > (2.5.1-86b093a) did not return HTTP headers in the reponses, because there > was no complaints so far. But now we got one, because of an old application > which needs at least "Content-Type" as some tests are performed before > generating the content. If the devs don't fix it, I will have to find a > solution on the load balancer side. The LB is serving content from a Tomcat > server, wich is returning plenty of headers. So is there a way to add them > in the response, like some "pass thru" ? I was not able to find useful > informations so far, maybe because I don't know what concepts and directives > are involved. As a very dumb and primitive test, I have added > "http-response add-header Content-Type 'text/html'" at both FE and BE level, > but the header is still not shown. Thanks for any help. Regards > > ------------------------------------------------------------------------------------------------- > FreeMail powered by mail.fr Pleaese can you try to update HAProxy as there are ~150 Fixes in the latest 2.5. https://www.haproxy.org/bugs/bugs-2.5.1.html or try to use the latest shiny 2.6 :-) Can you share your current config. Maybe the "http-after-response" could help in your case, but it's just a guess. https://docs.haproxy.org/2.6/configuration.html#4.2-http-after-response%20set-header Regards Alex ------------------------------------------------------------------------------------------------- FreeMail powered by mail.fr ------------------------------------------------------------------------------------------------- FreeMail powered by mail.fr