Also Hi,

Remember that for https connections no forwardfor header will be added.(unless you offload the ssl on or before haproxy)

Also i don't understand why you have an acl in the https backend? You the only bind is on port 443 so if that frontend is contacted then it will always pass the acl for dst_port 443.
#---------------------------------
frontend PROD_webfarm_https
#---------------------------------
   bind 10.2.0.101:443 <http://10.2.0.101:443>
   mode tcp
   acl is_port_443 dst_port 443
   use_backend PROD_https if is_port_443
   default_backend PROD_http
   maxconn 4000

(or is that some higher HAproxy logic/failsafe im missing?)
Greets PiBa-NL

Reply via email to