Basic features : HTTP rewriting and redirection

Installing a load balancer in front of an application that was never designed
for this can be a challenging task without the proper tools. One of the most
commonly requested operation in this case is to adjust requests and response
headers to make the load balancer appear as the origin server and to fix hard
coded information. This comes with changing the path in requests (which is
strongly advised against), modifying Host header field, modifying the Location
response header field for redirects, modifying the path and domain attribute
for cookies, and so on. It also happens that a number of servers are somewhat
verbose and tend to leak too much information in the response, making them more
vulnerable to targetted attacks. While it's theorically not the role of a load
balancer to clean this up, in practice it's located at the best place in the
infrastructure to guarantee that everything is cleaned up.

Similarly, sometimes the load balancer will have to intercept some requests and
respond with a redirect to a new target URL. While some people tend to confuse
redirects and rewriting, these are two completely different concepts, since the
rewriting makes the client and the server see different things (and disagree on
the location of the page being visited) while redirects ask the client to visit
the new URL so that it sees the same location as the server.

In order to do this, HAProxy supports various possibilities for rewriting and
redirect, among which :

  - regex-based URL and header rewriting in requests and responses. Regex are
    the most commonly used tool to modify header values since they're easy to
    manipulate and well understood;

  - headers may also be appended, deleted or replaced based on formated strings
    so that it is possible to pass information there (eg: client side TLS
    algorithm and cipher);

  - HTTP redirects can use any 3xx code to a relative, absolute, or completely
    dynamic (formated string) URI;

  - HTTP redirects also support some extra options such as setting or clearing
    a specific cookie, dropping the query string, appending a slash if missing,
    and so on;

  - all operations support ACL-based conditions;

results matching ""

    No results matching ""