I did it again, Sometimes I blame my tools but I wish google would reply to all, all the time - Apologies Michael
Hello Bartek, Michael, Actually on further reading what you are trying to do is incorrect according to the URL at the end of my reply. It's not possible for any browser that has ever seen the redirect. It is cached indefinitely. A 301 redirect should only be used when you are retiring a site permanently, and even then it's a bad idea - you loose visibility of the traffic still hitting the old site. The link suggests this "So change it to a 302 redirect before you do anything else." Haproxy is not a webserver. It has no means to generate a header contains dynamic data - if you really want a date header, use a webserver. There are several lightweight ones capable of this task. Alternatively tell us why you *need* such a header and we might be able to advise on a more apposite solution. http://serverfault.com/questions/671916/inject-header-in-haproxy-redirect- function Regards Andrew Smalley Loadbalancer.org Ltd. On 26 February 2017 at 17:45, Michael Ezzell <[email protected]> wrote: > > > On Feb 26, 2017 12:14, "Andrew Smalley" <[email protected]> wrote: > > Hello Bartek > > I think the portion of my example you wanted is below > > In my example I have a redirect from http to https and as such there is a > acl force src if my local ip address > > Here I add the HSTS and then redirect 301 as you wanted. > > http-response set-header Strict-Transport-Security "max-age=15552000; > includeSubDomains; preload;" > > > Andrew, I don't think http-response <anything> is going to be processed > when the request results in a redirect generated internally by HAProxy... > is it? The response isn't really from a back-end, so I wouldn't expect > those rules to fire. >
