R Wagner

Reputation: 25

HAProxy add some headers before 302 redirect

I'm trying to add some security headers to the responses for requests that arrive on a specific port. I have the following frontend configured:

frontend desenv_ext_1
    bind *:80
    bind *:443 ssl crt /etc/ssl/certs/cert.pem
    mode http
    option tcplog
    default_backend desenv_1
    timeout client 5m

    # ACL for the new attempt: requests that arrived on port 80
    acl header_c dst_port 80

    # Attempt with no ACL
    http-response set-header X-Frame-Options SAMEORIGIN

    # Attempt with ssl ACL (anonymous ACLs need a space inside the braces)
    http-response set-header Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload; if { ssl_fc }
    http-response add-header Referrer-Policy no-referrer if !{ ssl_fc }

    # Attempt with header_c ACL
    http-response set-header X-Content-Type-Options nosniff if header_c
    http-response add-header X-XSS-Protection 1;\ mode=block if header_c

    # Attempt with rspadd (the string must be a complete "Name: value" header)
    rspadd X-Backend-Serve:\ laranja if header_c
    rspadd X-Backend-Serve:\ caju if HTTP

    redirect scheme https if !{ ssl_fc }

As you can see, the configuration contains several attempts done in different ways, and none of them works.

The redirect works correctly, but the headers are not added to the port 80 response:

[root@managerr temp]# curl -I http://localhost
HTTP/1.1 302 Found
Cache-Control: no-cache
Content-length: 0
Location: https://localhost/
Connection: close

I would like requests arriving on port 80 to have the following headers added, even though they are redirected to port 443:

Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload;
X-Frame-Options SAMEORIGIN
X-Content-Type-Options nosniff
X-XSS-Protection 1;\ mode=block

The output that I need is this:

HTTP/1.1 302 Found
Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload;
X-Frame-Options SAMEORIGIN
X-Content-Type-Options nosniff
X-XSS-Protection 1;\ mode=block
Cache-Control: no-cache
Content-length: 0
Location: https://localhost/
Connection: close

Backend:

backend desenv_1
    mode http
    option tcplog
    server manga x.x.x.x:80 check cookie manga
    timeout connect 10s
    timeout server 5m

My HAProxy version is 1.5.18.

Upvotes: 1

Views: 2798

Answers (1)

nuster cache server

Reputation: 1791

redirect gets executed before http-response, so these http-response rules never get executed.

Use this:

# HAProxy 1.5 has no quoting support, so spaces inside the location string are escaped with a backslash;
# the config parser turns \r\n into a real CRLF, which is what makes the extra headers appear.
# The condition keeps HTTPS requests from being redirected to themselves.
http-request redirect location https://%[hdr(host)]%[url]\r\nX-Frame-Options:\ SAMEORIGIN\r\nReferrer-Policy:\ no-referrer if !{ ssl_fc }

Upvotes: 1
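The same technique applied to the four headers the question asks for, as an added example that is not part of the question or the answer above. It assumes HAProxy 1.5.x (the asker's 1.5.18), so it uses backslash escapes rather than quotes, and reuses the certificate path, frontend and backend names from the question; the server address x.x.x.x is a placeholder exactly as in the question. Because HAProxy builds the redirect internally and never runs http-response rules on it, the port 80 headers are carried inside the Location string, while the port 443 responses (which do come back from the backend) get them through ordinary http-response rules.

```haproxy
# Added example, not the configuration posted by the asker or the answerer.
# Assumed: HAProxy 1.5.x, certificate at /etc/ssl/certs/cert.pem, backend
# server x.x.x.x:80 (placeholder taken from the question).
global
    log /dev/log local0

defaults
    mode    http
    log     global
    option  httplog
    timeout connect 10s
    timeout client  5m
    timeout server  5m

frontend desenv_ext_1
    bind *:80
    bind *:443 ssl crt /etc/ssl/certs/cert.pem
    default_backend desenv_1

    # Port 80: the 302 is generated by HAProxy itself, so http-response rules
    # never see it. In 1.5 the only way to attach headers to it is to embed
    # them in the Location value: "\r\n" becomes CRLF in the config parser and
    # "\ " escapes each space (1.5 has no quoting). Note that browsers ignore
    # Strict-Transport-Security received over plain HTTP; it is included here
    # only because the question asks for identical headers on both ports.
    http-request redirect location https://%[hdr(host)]%[url]\r\nStrict-Transport-Security:\ max-age=31535400;\ includeSubDomains;\ preload\r\nX-Frame-Options:\ SAMEORIGIN\r\nX-Content-Type-Options:\ nosniff\r\nX-XSS-Protection:\ 1;\ mode=block if !{ ssl_fc }

    # Port 443: these responses come from the backend and pass through the
    # http-response rules, so the normal directives work here.
    http-response set-header Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload if { ssl_fc }
    http-response set-header X-Frame-Options SAMEORIGIN
    http-response set-header X-Content-Type-Options nosniff
    http-response set-header X-XSS-Protection 1;\ mode=block

backend desenv_1
    server manga x.x.x.x:80 check
```

Verify with the same command the asker used, curl -I http://localhost: the Location header is followed by the four injected headers. Two caveats. First, the Location string reflects the client-supplied Host header verbatim, exactly as the original redirect scheme https did; if the site has a single canonical name, hard-code it instead of %[hdr(host)]. Second, this is a CRLF-injection trick that relies on 1.5 writing the location string unmodified; on HAProxy 2.2 and later the supported way is http-after-response set-header, which is evaluated on HAProxy-generated responses such as redirects, so the headers no longer need to be smuggled through Location.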
