On Fri, Aug 12, 2016 at 9:02 AM, Maurice van Ree <[email protected]>
wrote:
> Hi,
>
> We ran into some trouble where users would explicitly enter www in front
> of a subdomain, having them thinking they're unable to connect. So we came
> up with a solution of registering those dns names as well, e.g.
> app.mydomain.com as well as www.app.mydomain.com and handle things from
> there. Because we use HAProxy behind an Amazon elastic load balancer which
> takes care of some things for us, the idea was to forward incoming requests
> for both dns entries to HAProxy, filter out the www. requests and do a
> permanent redirect to the non www. entry. This way they should arrive at
> the Amazon load balancer just like they never entered the www. and traffic
> should be handled as such.
>
> I tried both using the prefix and location options for the redirect, but
> keep running into the problem that the host header seems to remain
> unchanged. This is causing my acl condition to remain true at all times,
> which in turn causes a redirect loop.
>
Why don't you change the Host header too then?
> These are both acls which I came up with, where $frontend is typically
> something like myapp.mydomain.com:
>
> http-request redirect code 301 prefix {{$frontend}} if { hdr(host) -i
> www.{{$frontend}} }
> http-request redirect code 307 location {{$frontend}}%[capture.req.uri]
> if { hdr(host) -i www.{{$frontend}} }
>
> Both lead to a never ending concatenation of the $frontend variable being
> added after the original host it seems:
>
> www.myapp.mydomain.com/uri/myapp.mydomain.com/uri/......index.html
>
> I think this is caused by the host header remaining the same (I checked
> this using a Chrome plugin).
> However, when I specifically enter a protocol in front of the redirect
> location like this for example, it works fine:
>
> http-request redirect code 301 prefix http://{{$frontend}} if { hdr(host)
> -i www.{{$frontend}} }
>
> Since we have a mix of configurations where both secure and non-secure
> traffic is possible, I don't really want to complicate things further and
> go down that route.
>
> Two concrete questions:
>
> 1. Do you have any idea why this happens, and doesn't happen when
> specifying a protocol?
> 2. Is there any solution to this? As far as I know, rewriting the host
> header in a redirect isn't something that is supported by HAProxy (and not
> really that nice..) right?
>
>
> Best Regards,
>
> Maurice van Ree
>
--
Igor Cicimov | DevOps
p. +61 (0) 433 078 728
e. [email protected] <http://encompasscorporation.com/>
w*.* www.encompasscorporation.com
a. Level 4, 65 York Street, Sydney 2000
