Hi William,
Le 29/03/2012 14:30, William Lewis a écrit :
Hi,
So I use Haproxy to rewrite some URL requests infront of my java
webservers, but I also want my java webservers to be able to issue
redirects relative to the url that hit haproxy.
Specifically I want the developers that have access to application
platform but not the haproxy to be able to enforce a resource is only
accessible over https without me having to write a rule in the haproxy
config. In this case they just need to be able to get the original
request and send back a 403 redirect with https:// on the front, of
course they don't see the original url so this is a problem.
I tried solving it with this rule
reqirep ^((HEAD|GET|POST|PUT|DELETE|TRACE|OPTIONS|CONNECT|PATCH)\ ([^\
]*)\ HTTP/1.[01]) \1\nX-Original-Request:\ \3
run before any of the rewrite rules
e.g.
reqrep ^([^\ \t]*[\ \t])(.*) \1/tomcatcontext\2
This results in a request to the webserver which looks like
GET /tomcatcontext/ HTTP/1.1
X-Original-Request: /
Host: example.com
Connection: keep-alive
...
This all works great until you then try and do some acl matching in the
haproxy, because an acl like
acl example-com hdr_end(host) -i example.com
will no longer match.
It should (tested quicky here), can you provide us the version of
haproxy you're using ? I remember there was a bug in old 1.4 versions
concerning headers manipulation.
--
Cyril Bonté
