Re: haproxy-dev18 http-request

Wed, 03 Apr 2013 03:48:37 -0700 

Hey Thomas,
That's indeed what I had, but the http-request directive seemed more efficient. And, because http://blog.exceliance.fr/2013/02/26/ssl-offloading-impact-on-web-applications/ stated it was possible I thought it would be a good idea to use it :-) 

Greets,

Sander

On 03.04.2013 12:37, Thomas Heil wrote:

Hi,

 Why not using something like,

 reqidel ^X-Forwarded-Proto:.*
 reqadd X-Forwarded-Proto: https if { ssl_fc }
 reqadd X-Forwarded-Proto: http if ! { ssl_fc }

 cheers
 thomas

 On 03.04.2013 12:26, Baptiste wrote:


Ah sorry, I misread!

http-request set-header X-Frontend-SSL %[ssl_fc] https

%[ssl_fc] will be 0 in case of HTTP and 1 in case of SSL.

You can't setup an ACL after the set-header directive.

Baptiste


On Wed, Apr 3, 2013 at 12:09 PM, Sander Klein <[email protected]> 
wrote:



Hmmm, nope, it still doesn't work

I did:

http-request set-header X-Forwarded-Proto https if { ssl_fc }
http-request set-header X-Forwarded-Ssl on if { ssl_fc }
http-request set-header X-Forwarded-Proto http if !{ ssl_fc }
http-request set-header X-Forwarded-Ssl off if !{ ssl_fc }

But this still gives me:


Reloading haproxy: haproxy[ALERT] 092/120655 (9669) : parsing 
[/etc/haproxy/haproxy.cfg:221]: 'http-request set-header' expects 
exactly 2 arguments.
[ALERT] 092/120655 (9669) : Error(s) found in configuration file : 
/etc/haproxy/haproxy.cfg

failed!

Greets,

Sander

On 03.04.2013 11:38, Baptiste wrote:


Hi,


You want to use anonymous ACLs which requires brackets '{' and '}', 
like:


http-request set-header X-Forwarded-Proto https if { ssl_fc }

Baptiste


On Wed, Apr 3, 2013 at 11:15 AM, Sander Klein <[email protected]> 
wrote:



Hi,

I try to do the following in my haproxy (dev18) config:

http-request set-header X-Forwarded-Proto https if ssl_fc
http-request set-header X-Forwarded-Ssl on if ssl_fc

http-request set-header X-Forwarded-Proto http if ! ssl_fc
http-request set-header X-Forwarded-Ssl off if ! ssl_fc

But, when I reload I get:


Reloading haproxy: haproxy[ALERT] 092/110441 (22291) : parsing 
[/etc/haproxy/haproxy.cfg:221]: 'http-request set-header' expects 
exactly 2 arguments.
[ALERT] 092/110441 (22291) : Error(s) found in configuration file 
: /etc/haproxy/haproxy.cfg

failed!


I'm a bit at a loss here, since I saw an example somewhere on the 
Exceliance site and if I read the haproxy configuration manual it 
states:



http-request { allow | deny | tarpit | auth [realm <realm>] | 
redirect <rule> |

add-header <name> <fmt> | set-header <name> <fmt> }
[ { if | unless } <condition> ]


I might be interpreting this wrong, but the way I read it using 
the if statement with set-header is legal to use in the config. Am 
I wrong?


Greets,

Sander
























					Reply via email to