Hi Remy,
you can enable both HTTP and HTTPs in the frontend and then use ACLs
to force traffic to move to HTTP or HTTPs based on the client side
connection type and URL.:
http-request redirect scheme https if !{ ssl_fc } { path_beg -i /admin }
http-request redirect scheme http if { ssl_fc } !{ path_beg -i /admin }
Baptiste
On Wed, Jan 8, 2014 at 9:02 AM, Remy van Elst <[email protected]> wrote:
> Howdy,
>
> I've not yet received a response on my earlier email, sending it again.
>
>
> -------- Origineel bericht --------
> Onderwerp: client side ssl certificates for specific location
> Datum: Wed, 18 Dec 2013 20:09:32 +0100
> Van: Remy van Elst <[email protected]>
> Aan: [email protected]
>
>
>
> Hello,
>
> I want to enable client side ssl for a specific URL only. My web app
> admin lives at https://example.org/admin and I want only the /admin part
> require a client certificate. In Apache I would do it with a <Location
> /admin> block. In haproxy I am able to require a certificate for the
> entire frontend, but not for part of the frontend. (For example, |§acl
> req_cert path_beg /admin|- and maybe something like client-cert if
> req_cert).
>
> On IRC I was told this is not possible currently: "[16:30:12] meineerde:
> Raymii: this isn't possible right now as the ssl handling is fully done
> before any higher-layer stuff (i.e. http) is handled".
>
> If it's possible, I'd like to do a feature request?
>
> Sincerely,
> Remy van Elst
> https://raymii.org
>
>
>
>
