Re: http-response set-header and redirect
Thanks! On Fri, Jun 11, 2021 at 11:36 AM Tim Düsterhus wrote: > James, > > On 6/11/21 8:28 PM, James Brown wrote: > > Is there any reason (performance or otherwise) to use http-response > instead > > of just turning everything into http-after-response? > > There is a difference: If a http-response rule fails [1] then a standard > error page will be emitted. For this error page the http-after-response > rules will need be evaluated. They might fail as well, aborting the > processing and causing a very simple 500 Internal Server Error to be > emitted. This will suppress any other error (e.g. 503, 403, …). > > So complex http-after-response rules might cause additional (debugging) > issues in error situations. > > I recommend using them for the most essential stuff only. In my case > that is the Strict-Transport-Security header and a request ID response > header. > > Best regards > Tim Düsterhus > > [1] e.g. if there's insufficient memory to add the header. > -- James Brown Engineer
Re: http-response set-header and redirect
James, On 6/11/21 8:28 PM, James Brown wrote: Is there any reason (performance or otherwise) to use http-response instead of just turning everything into http-after-response? There is a difference: If a http-response rule fails [1] then a standard error page will be emitted. For this error page the http-after-response rules will need be evaluated. They might fail as well, aborting the processing and causing a very simple 500 Internal Server Error to be emitted. This will suppress any other error (e.g. 503, 403, …). So complex http-after-response rules might cause additional (debugging) issues in error situations. I recommend using them for the most essential stuff only. In my case that is the Strict-Transport-Security header and a request ID response header. Best regards Tim Düsterhus [1] e.g. if there's insufficient memory to add the header.
Re: http-response set-header and redirect
Is there any reason (performance or otherwise) to use http-response instead of just turning everything into http-after-response? On Fri, Jun 11, 2021 at 11:07 AM Tim Düsterhus wrote: > James, > > On 6/11/21 8:03 PM, James Brown wrote: > > Is there any way to set a HTTP header on a redirect being emitted by > > haproxy? > > To also match HAProxy generated responses (including redirects and error > pages) you will need to use 'http-after-response': > > > https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#http-after-response > > Best regards > Tim Düsterhus > -- James Brown Engineer
Re: http-response set-header and redirect
James, On 6/11/21 8:03 PM, James Brown wrote: Is there any way to set a HTTP header on a redirect being emitted by haproxy? To also match HAProxy generated responses (including redirects and error pages) you will need to use 'http-after-response': https://cbonte.github.io/haproxy-dconv/2.4/configuration.html#http-after-response Best regards Tim Düsterhus
http-response set-header and redirect
Is there any way to set a HTTP header on a redirect being emitted by haproxy? Given the following simplified config: global log stdout user defaults log global timeout client 9s timeout server 10s timeout connect 1s frontend test_fe mode http http-response set-header Foo Bar bind localhost: redirect prefix https://www.example.com It appears that the Foo header is not set when the redirect is emitted. Is there any way to configure HAproxy to process `http-response` statements on a redirect? -- James Brown Engineer
