Hi,

So I use HAProxy to rewrite some URL requests in front of my Java webservers, but I also want my Java webservers to be able to issue redirects relative to the URL that hit HAProxy.

Specifically, I want the developers who have access to the application platform but not to HAProxy to be able to enforce that a resource is only accessible over https, without me having to write a rule in the HAProxy config. In this case they just need to be able to get the original request and send back a 403 redirect with https:// on the front. Of course, they don't see the original URL, so this is a problem.

I tried solving it with this rule

reqirep ^((HEAD|GET|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH)\ ([^\ ]*)\ HTTP/1.[01]) \1\nX-Original-Request:\ \3

run before any of the rewrite rules

e.g.
reqrep ^([^\ \t]*[\ \t])(.*) \1/tomcatcontext\2

This results in a request to the webserver which looks like

GET /tomcatcontext/ HTTP/1.1
X-Original-Request: /
Host: example.com
Connection: keep-alive
...

This all works great until you then try and do some acl matching in the haproxy, because an acl like

acl example-com hdr_end(host) -i example.com

will no longer match.

Looks like a bug to me, but I'd be interested in hearing any other ways of getting the original request through to the backend, or otherwise allowing the backend to signal HAProxy that the request needs to be redirected onto https.

Thanks

Will Lewis
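
An added example, not part of the original post and not the HAProxy project's own configuration: one way to hand the backend the original URL and scheme using header rules instead of injecting a line through a request-line regex. It assumes HAProxy 1.6 or later, where `http-request set-header` and `http-request set-path` are available; the section names, certificate path and server address are placeholders.

```haproxy
# Added example. Section names, certificate path and server address
# are placeholders, not values from the original post.
defaults
    mode http
    timeout connect 5s
    timeout client  30s
    timeout server  30s

frontend fe_web
    bind :80
    bind :443 ssl crt /etc/haproxy/certs/example.pem   # placeholder path

    # Same Host ACL as in the post. Nothing below adds a raw "\n" to the
    # request line, so the Host header is still parsed as a header.
    acl example-com hdr_end(host) -i example.com

    # Record the URL as received, before any rewrite. set-header replaces
    # any X-Original-Request the client sent, so the backend never acts
    # on a client-chosen value.
    http-request set-header X-Original-Request %[url]

    # Tell the backend which scheme the client used, again overwriting
    # anything supplied by the client.
    http-request set-header X-Forwarded-Proto https if { ssl_fc }
    http-request set-header X-Forwarded-Proto http  if !{ ssl_fc }

    # Prefix the Tomcat context after the original URL has been recorded.
    # set-path changes only the path; the query string is kept.
    http-request set-path /tomcatcontext%[path] if example-com

    use_backend be_tomcat if example-com

backend be_tomcat
    server tomcat1 192.0.2.10:8080   # documentation address (RFC 5737)
```

The backend should build its https redirect from X-Original-Request and a Host value it checks against its own list of served names, since Host still comes from the client.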
