Adding header to response for specific URLs with HAproxy

haproxy redirect url path example
haproxy configuration
haproxy rewrite response url
haproxy 1.5 rewrite url
haproxy rewrite domain
haproxy url
haproxy capture request header
haproxy url masking

I have a simple condition in my HAproxy config (I tried this for frontend and backend):

acl no_index_url path_end .pdf .doc .xls .docx .xlsx
rspadd X-Robots-Tag:\ noindex if no_index_url

It should add the no-robots header to content that should not be indexed. However it gives me this WARNING when parsing the config:

acl 'no_index_url' will never match because it only involves keywords
    that are incompatible with 'backend http-response header rule'

and

acl 'no_index_url' will never match because it only involves keywords
    that are incompatible with 'frontend http-response header rule'

According to documentation, rspadd can be used in both frontend and backend. The path_end is used in examples within frontend. Why am I getting this error and what does it mean?

Starting in HaProxy 1.6 you won't be able to just ignore the error message. To get this working use the temporary variable feature:

frontend main
   http-request set-var(txn.path) path

backend local
   http-response set-header X-Robots-Tag noindex if { var(txn.path) -m end .pdf .doc }

Rewriting HTTP Requests, Methods, or Headers, Replace a particular value of a header field It is often used to maintain compatibility between old and new URLs or to turn user-friendly URLs into CMS-​friendly URLs, etc. In HAProxy, rewriting HTTP requests or responses depends on two types of HAProxy can add a Header field to the request from the client using the  Add a header in the response. HAProxy can add a Header field to the response from the server using the following directive: http-response add-header <name> <fmt> [<condition>] This directive expects the following parameters:

Apparently, even with the warning, having the acl within the frontend works perfectly fine. All the resources with .pdf, .doc, etc are getting the correct X-Robots-Tag added to them.

In other words, this WARNING is misleading and in reality the acl does match.

Modify http headers for specific URL's with HAProxy, add a comment |. up vote 0 down vote. frontend main http-request set-var(txn.​path) path backend local http-response set-header X-Robots-Tag  Adding header to response for specific URLs with HAproxy in 1.6.2 it does add the header despite the warning but also adds it to any response not matching the

if using haproxy below v1.6, create a new backend block (could be a duplicate of the default backend) and add the special headers in there. then in frontend use that backend conditionally. i.e.

use_backend alt_backend if { some_condition } 

admittedly not an ideal solution but it does the job.

How to add custom header containing the absolute address of the , Short answer: no, you can't do this in HAProxy 1.4. However, for those finding this question on 1.5+:. In HAProxy 1.5+ you can reference variables via the  The HAProxy configuration language does provide a way to add, remove and modify HTTP headers. For example, you can manipulate headers like this: However, the specification stipulates that the Access-Control-Allow-Origin header should contain only a single domain, not a list of all of your whitelisted domains.

Adding header to response for specific URLs with HAproxy, I have a simple condition in my HAproxy config (I tried this for frontend and backend): acl no_index_url path_end .pdf .doc .xls .docx .xlsx rspadd X-Robots-​Tag:\  Used in conjunction with drop-query to add a / character at the end of the URL. set-cookie NAME[=value] Adds a Set-Cookie header to the redirection. The cookie is named NAME and can have an optional value. clear-cookie NAME[=] A special Set-Cookie header is added to the redirection. The cookie is named NAME and the Max-Age cookie parameter is

HAProxy Configuration Manual ---------------------- version 2.0 willy , Since the connection is closed by the server after the response, the client does not need to know the For this, a special header is used: "Content-length". add-header: Adds a new header. If a header of the same name was sent by the client this will ignore it, adding a second header of the same name. set-header: Will add a new header in the same way as add-header, but if the request already has a header of the same name it will be overwritten. Good for security-sensitive flags that a client might want to tamper with.

HAProxy Configuration Manual, If you add sections, please update the summary below for easier searching. Since the connection is closed by the server after the response, the client does not need to For this, a special header is used: "Content-length". the evaluation stops when either is reached. url_param The URL parameter specified in argument  Add the following line to your specific haproxy back-end to instruct clients to not sniff for Content-Type: http-response set-header X-Content-Type-Options: nosniff. To do the same for nginx: add_header X-Content-Type-Options "nosniff" always;

Comments
  • You saved my day :)
  • Just a note for anyone coming across this, in 1.6.2 it does add the header despite the warning but also adds it to any response not matching the rule so I believe it is actually being ignored. That was the case for me anyway, I was using an 'unless' if that makes a difference. The accepted answer worked for me so try that.