Hi, Jonathan. Thanks for your reply. Unfortunately we can't use a request ACL to perform actions on a response, as per http://marc.info/?l=haproxy&m=138384425604641&w=1 (and our own experience confirms it). The request object is not available any more when the response is being altered.
Willy's suggested approach was to use a request ACL to send traffic to a different backend, which can then apply the response action. So, in the case where that backend is almost a duplicate of the first, is there (or should there be) some way to reduce the duplication? Regards Thrawn On 2015-03-09 14:27:09, Jonathan Matthews wrote: I don't know about your specific *question*, but to solve your specific *problem*, you might just use rspadd's conditional form: frontend foo acl admin url_beg /admin rspadd "X-Frame-Options: DENY" if admin rspadd "X-Frame-Options: ALLOW-FROM some-trusted-server.com" unless admin default_backend whatever As per https://cbonte.github.io/haproxy-dconv/configuration-1.5.html#rspadd= . Dictated but not tested ;-) Jonathan
