[prev in list] [next in list] [prev in thread] [next in thread]
List: haproxy
Subject: Re: Haproxy 1.4 url redirection issue
From: Amol <mandm_zoom () yahoo ! com>
Date: 2014-02-28 15:12:35
Message-ID: 1393600355.13584.YahooMailNeo () web121303 ! mail ! ne1 ! yahoo ! com
[Download RAW message or body]
well the application behind haproxy in this case is wordpress on apache2.2, any settings there?
On Friday, February 28, 2014 4:57 AM, Baptiste <bedis9@gmail.com> wrote:
It may not fix the issue.
But at least the configuration will do what you expect from it...
That said, the issue may be in the application too :)
It is commonly seen that applications don't behave properly when SSL
offloading is enabled in front of them.
Baptiste
On Thu, Feb 27, 2014 at 4:16 PM, Amol <mandm_zoom@yahoo.com> wrote:
> Thanks Baptiste, let me give that a try
>
>
>
> On Thursday, February 27, 2014 9:37 AM, Baptiste <bedis9@gmail.com> wrote:
> Hi Amol,
>
> There are a few improvement you can do.
> First update your frontend acl to:
> acl host_xx hdr(host) -i xx.com
>
> then in your backend, this ACL should never match: "acl login_page
> url_beg /xyz"
> replace url_beg by path_beg.
>
> Your problem is not there as well.
> I think your application server is sending hardcoded data or Location
> headers.
> analyzing the body of the pages and HAProxy logs may help here.
>
> Baptiste
>
>
>
> On Tue, Feb 25, 2014 at 4:56 PM, Amol <mandm_zoom@yahoo.com> wrote:
>> Hi i am using HA-Proxy version 1.4.12 and i have an issue trying to
>> redirect
>> my website to "http"
>> requirement : when a user types in http://<website_name>.com he should not
>> be redirected to https://<website_name>.com
>> currently it does that and some of the video links on our main page do not
>> work (basically vimeo has http links while our page is https so it throws
>> a
>> security exception)
>>
>> at the same time we need users with http://<website_name>.com/xyz to be
>> redirected to https://<website_name>.com/xyz (this helps users login to
>> secure application)
>>
>> so under my current configurations i cannot get the first part to work,
>> basically (www.<website_name>.com works and stays http but when i type
>> http://<website_name>.com it does a redirection to https)
>>
>> frontend http-in
>> bind xx.xx.xx.xx:80 name http
>> bind 10.xx.xx.xx:8000 name https # forwared by stunnel
>>
>> acl host_xx hdr_beg(host) -i xx.com
>> use_backend xx-http if host_xx
>> default_backend xx-https
>>
>> backend xx-http
>> balance roundrobin
>> cookie BALANCEID insert indirect nocache
>> option http-server-close
>> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www
>> server xx-app1 xx.xx.xx.xx:80 cookie A check
>> server xx-app6 xx.xx.xx.xx:80 cookie B check backup
>> acl secure dst_port eq 8000
>> acl login_page url_beg /xyz
>> redirect prefix https://xx.com if login_page !secure
>>
>> backend xx-https
>> mode http
>> balance roundrobin
>> cookie BALANCEID insert indirect nocache
>> option http-server-close
>> # option forwardfor except 127.0.0.1
>> option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www
>> server xx-app1 xx.xx.xx.xx:80 cookie s1 weight 1 maxconn 5000 check
>> server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check
>> backup
>>
>> any suggestions?
>>
>
>
>
[Attachment #3 (text/html)]
<html><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, \
Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:12pt">well the \
application behind haproxy in this case is wordpress on apache2.2, any settings \
there?<br><div><span><br></span></div><div style="display: block;" \
class="yahoo_quoted"> <br> <br> <div style="font-family: HelveticaNeue, Helvetica \
Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 12pt;"> <div \
style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, \
sans-serif; font-size: 12pt;"> <div dir="ltr"> <font face="Arial" size="2"> On \
Friday, February 28, 2014 4:57 AM, Baptiste <bedis9@gmail.com> wrote:<br> \
</font> </div> <div class="y_msg_container">It may not fix the issue.<br \
clear="none">But at least the configuration will do what you expect from it...<br \
clear="none"><br clear="none">That said, the issue may be in the application too \
:)<br clear="none">It is commonly seen that applications don't behave properly when \
SSL<br clear="none">offloading is enabled in front of them.<br clear="none"><br \
clear="none">Baptiste<br clear="none"><br clear="none"><div class="yqt0344261634" \
id="yqtfd69176"><br clear="none">On Thu, Feb 27, 2014 at 4:16 PM, Amol <<a \
shape="rect" ymailto="mailto:mandm_zoom@yahoo.com" \
href="mailto:mandm_zoom@yahoo.com">mandm_zoom@yahoo.com</a>> wrote:<br \
clear="none">> Thanks Baptiste, let me give that a try<br clear="none">><br \
clear="none">><br clear="none">><br clear="none">> On Thursday, February 27, \
2014 9:37 AM, Baptiste <<a shape="rect" ymailto="mailto:bedis9@gmail.com" \
href="mailto:bedis9@gmail.com">bedis9@gmail.com</a>> wrote:<br clear="none">> \
Hi Amol,<br clear="none">><br clear="none">> There are a few improvement you \
can do.<br clear="none">> First update your frontend acl to:<br \
clear="none">> acl host_xx hdr(host) -i xx.com<br clear="none">><br \
clear="none">> then in your backend, this ACL should never match: "acl \
login_page<br clear="none">> url_beg /xyz"<br clear="none">> replace \
url_beg by path_beg.<br clear="none">><br clear="none">> Your problem is not \
there as well.<br clear="none">> I think your application server is sending \
hardcoded data or Location<br clear="none">> headers.<br clear="none">> \
analyzing the body of the pages and HAProxy logs may help here.<br \
clear="none">><br clear="none">> Baptiste<br clear="none">><br \
clear="none">><br clear="none">><br clear="none">> On Tue, Feb 25, 2014 at \
4:56 PM, Amol <<a shape="rect" ymailto="mailto:mandm_zoom@yahoo.com" \
href="mailto:mandm_zoom@yahoo.com">mandm_zoom@yahoo.com</a>> wrote:<br \
clear="none">>> Hi i am using HA-Proxy version 1.4.12 and i have an issue \
trying to<br clear="none">>> redirect<br clear="none">>> my website to \
"http"<br clear="none">>> requirement : when a user types in \
http://<website_name>.com he should not<br clear="none">>> be redirected \
to https://<website_name>.com<br clear="none">>> currently it does that \
and some of the video links on our main page do not<br clear="none">>> work \
(basically vimeo has http links while our page is https so it throws<br \
clear="none">>> a<br clear="none">>> security exception)<br \
clear="none">>><br clear="none">>> at the same time we need users with \
http://<website_name>.com/xyz to be<br clear="none">>> redirected to \
https://<website_name>.com/xyz (this helps users login to<br \
clear="none">>> secure application)<br clear="none">>><br \
clear="none">>> so under my current configurations i cannot get the first part \
to work,<br clear="none">>> basically (www.<website_name>.com works and \
stays http but when i type<br clear="none">>> http://<website_name>.com \
it does a redirection to https)<br clear="none">>><br clear="none">>> \
frontend http-in<br clear="none">>> bind \
xx.xx.xx.xx:80 name http<br clear="none">>> bind \
10.xx.xx.xx:8000 name https # forwared by stunnel<br clear="none">>><br \
clear="none">>> acl host_xx hdr_beg(host) -i \
xx.com<br clear="none">>> use_backend xx-http if \
host_xx<br clear="none">>> default_backend \
xx-https<br clear="none">>><br clear="none">>> backend xx-http<br \
clear="none">>> balance roundrobin<br \
clear="none">>> cookie BALANCEID insert indirect \
nocache<br clear="none">>> option \
http-server-close<br clear="none">>> option httpchk \
OPTIONS /check.txt HTTP/1.1\r\nHost:\ www<br clear="none">>> \
server xx-app1 xx.xx.xx.xx:80 cookie A check<br \
clear="none">>> server xx-app6 xx.xx.xx.xx:80 cookie \
B check backup<br clear="none">>> acl secure \
dst_port eq 8000<br clear="none">>> acl login_page \
url_beg /xyz<br clear="none">>> redirect \
prefix <a shape="rect" href="https://xx.com/" target="_blank">https://xx.com </a>if \
login_page !secure<br clear="none">>><br clear="none">>> backend \
xx-https<br clear="none">>> mode http<br \
clear="none">>> balance roundrobin<br \
clear="none">>> cookie BALANCEID insert indirect \
nocache<br clear="none">>> option \
http-server-close<br clear="none">>> # option \
forwardfor except 127.0.0.1<br clear="none">>> \
option httpchk OPTIONS /check.txt HTTP/1.1\r\nHost:\ www<br \
clear="none">>> server xx-app1 xx.xx.xx.xx:80 cookie \
s1 weight 1 maxconn 5000 check<br clear="none">>> \
server xx-app6 xx.xx.xx.xx:80 cookie s2 weight 1 maxconn 5000 check<br \
clear="none">>> backup<br clear="none">>><br clear="none">>> any \
suggestions?<br clear="none">>><br clear="none">><br clear="none">><br \
clear="none">><br clear="none"><br clear="none"></div><br><br></div> </div> \
</div> </div> </div></body></html>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic