Re: add header into http-request redirect

Sun, 26 Feb 2017 08:55:51 -0800 

Hello Bartek

I assumed it was haproxy related and as such my example will work. However
I hope the link below helps you get going with NGINX

https://www.nginx.com/blog/http-strict-transport-security-hsts-and-nginx/

Regards

Andrew Smalley

Loadbalancer.org Ltd.



On 26 February 2017 at 16:47, Bartek Radziszewski <b...@radziszewski.com>
wrote:

> Hi Andrew,
> ‘
> Thanks for your answer. Unfortunately your example is not solving my issue.
>
> I need to add header Strict-Transport-Security into 301 redirect - i made
> it already on nginx:
>
> curl -I https://www.xxx.com
> HTTP/1.1 301 Moved Permanently
> Server: nginx
> Date: Sun, 26 Feb 2017 16:10:59 GMT
> Content-Type: text/html
> Content-Length: 178
> Connection: keep-alive
> Location: https://xxx.com/
> Strict-Transport-Security: max-age=31556926; includeSubDomains
>
> but don’t know how to do it on haproxy.
>
> Thanks,
> Bartek
>
> On 26 Feb 2017, at 17:39, Andrew Smalley <asmal...@loadbalancer.org>
> wrote:
>
> Hello Bartek
>
> I hope the example below helps with adding a http-response for HSTS /
> Strict-Transport-Security
>
>
> listen hsts_example
>     bind 192.168.0.231:80 transparent
>     mode http
>     http-response set-header Strict-Transport-Security "max-age=15552000; 
> includeSubDomains; preload;"
>     balance leastconn
>     option forwardfor if-none
>     stick on hdr(X-Forwarded-For,-1)
>     stick on src
>     stick-table type string len 64 size 10240k expire 30m peers 
> loadbalancer_replication
>     server backup 127.0.0.1:9081 backup source 0.0.0.0 non-stick
>     source 0.0.0.0 usesrc clientip
>     option http-keep-alive
>     option redispatch
>     option abortonclose
>     maxconn 40000
>     acl force src 192.168.0.250 54.77.60.1
>     reqadd X-Forwarded-Proto:\ https if force
>     redirect scheme https code 301 if !force
>     server RIP_Name 10.0.1.1  weight 100  check port 80 inter 4000  rise 2  
> fall 2  minconn 0  maxconn 0  on-marked-down shutdown-sessions
>
>
> Regards
>
> Andrew Smalley
>
> Loadbalancer.org Ltd.
>
>
>
> On 26 February 2017 at 16:18, Bartek Radziszewski <b...@radziszewski.com>
> wrote:
>
>> Hi,
>>
>> It’s possible to add Strict-Transport-Security header into 301 redirect
>> (http-request redirect code 301) ?
>>
>> Thanks,
>> Bartek
>>
>
>
>

Reply via email to