Haproxy not replacing the variable - haproxy

I'm using the following rule to redirect one subdomina (anything.registro.myserver.com.br) to another host appending a variable.
The problem the variable %[capture.req.hdr(0)] it's not replacing on the redirected link.
The final result is https://app2.otherserver.com.br/register/%[capture.req.hdr(0)]
acl fqdn_register hdr_dom(host) -i .registro.myserver.com.br
capture request header Host len 128
redirect prefix https://app2.otherserver.com.br/register/%[capture.req.hdr(0)] code 302 if fqdn_register
What is wrong?
Best regards

Related

Haproxy redirect and fowarding the subdomain

I have an Haproxy server and I need when the user type any_word.registro.myserver.com.br on the browser, the Haproxy redirect to https://app2.otherserver.com.br/register/**any_word**
The any_word is a captcha (*.registro.myserver.com.br)
Today I have the following redirect that doesn't forward:
acl fqdn_register_all hdr_dom(host) -i registro.myserver.com.br
redirect prefix https://app2.otherserver.com.br/register code 302 if fqdn_register_all
How should i change the above code?
Best regards
this rule should do the work:
acl fqdn_register hdr_dom(host) -i registro.myserver.com.br
capture request header Host len 128
redirect prefix https://app2.otherserver.com.br/register/%[capture.req.hdr(0)] code 302 if fqdn_register
hope it helps.

How do I secure cookies in HAProxy 2.2+ using an `http-response` line?

I'm upgrading from HAProxy 1.8 to 2.2 and the command reqirep has been deprecated and removed. I used this previously to automatically add Secure to cookies that weren't previously secure. I want to use the new http-response syntax.
My old code looks like this:
rspirep ^(set-cookie:\ (?:(?!(\ Secure|ASPXAUTH=)).)*)$ \1;\ Secure
This adds ; Secure to any cookie header that doesn't contain Secure or ASPXAUTH=.
I'd like to do the same thing with one of the modern http-response commands.
Here's my initial translation:
http-request replace-header Set-Cookie (.*) %[src];\ Secure if { hdr_reg(Set-Cookie) -i (?!(\ Secure|ASPXAUTH=)) }
# Replace the "Set-Cookie" header
# That contains any value
# With the initial value with "; Secure" appended to the end
# If the cookie doesn't contain " Secure" or "ASPXAUTH=", ignoring case
Is this the right approach? Have you done this successfully?
We ended up with this as a solution. It's not perfect because it will only look for Secure modifier on the end of the Set-Cookie line but it works for what we need.
http-response replace-header Set-Cookie ^((?:.(?!\ [Ss]ecure))*)$ \1;\ Secure

haproxy redirect to new domain if string found in request but keep and send all URL parameters

I want to do the following using haproxy:
if I get a request on domain 1 which includes a certain string (ie map1), I want to keep all that is after first / following the domain and redirect it all to domain 2. For example:
If I get https://sub1.domain1.gr/kjhkjhkh??efreerwer
I want to redirect to
https://sub2.domain2.gr/kjhkjhkh??efreerwer
Trying the following:
acl domain1_url hdr(host) sub1.domain1.gr
acl map1_uri capture.req.uri -m reg map1
http-request set-var(req.map1_uri) if domain1_url map1_uri
http-request set-path /%[var(req.map1_uri)]%[path] if { var(req.map1_uri) -m found }
http-request set-header Host sub2.domain2.gr if { var(req.map1_uri) -m found }
Is there something wrong with this logic?
Thank you in advance!
Well, I solved the problem.
I used:
acl domain1_url hdr(host) sub1.domain1.gr
acl map1_uri capture.req.uri -m reg map1
http-request redirect code 301 location http://sub2.domain2.gr%[capture.req.uri] if map1_uri
Read about it at http://patg.net/haproxy,apache/2017/08/04/haproxy/

HAProxy: hdr_dom(host) with redirects

We have a couple of haproxy configurations running fine for the most part.
In our scenario, we simply route requests based on domain names.
Here a sample for one domain, drawmessage.com:
frontend http
bind *:80
redirect prefix http://app.drawmessage.com code 301 if { hdr_dom(host) -i www.app.drawmessage.com }
redirect prefix http://drawmessage.com code 301 if { hdr_dom(host) -i www.drawmessage.com }
redirect prefix https://drawmessage.com code 301 if { hdr_dom(host) -i drawmessage.com }
use_backend http:app.drawmessage.com if { hdr_dom(host) -i app.drawmessage.com }
use_backend http:app.drawmessage.com if { hdr_dom(host) -i app-drawmessage-com.d250.hu }
use_backend http:drawmessage.com if { hdr_dom(host) -i drawmessage.com }
use_backend http:drawmessage.com if { hdr_dom(host) -i drawmessage-com.d250.hu }
There are other domains also, this is filtered for this domain only. As you can see, after redirects for www, we apply a special redirect for drawmessage.com, but theoretically not for app.drawmessage.com.
frontend https
bind *:443 ssl crt /var/haproxy
redirect prefix https://app.drawmessage.com code 301 if { hdr_dom(host) -i www.app.drawmessage.com }
redirect prefix https://drawmessage.com code 301 if { hdr_dom(host) -i www.drawmessage.com }
use_backend https:app.drawmessage.com if { hdr_dom(host) -i app.drawmessage.com }
use_backend https:app.drawmessage.com if { hdr_dom(host) -i app-drawmessage-com.d250.hu }
use_backend https:drawmessage.com if { hdr_dom(host) -i drawmessage.com }
use_backend https:drawmessage.com if { hdr_dom(host) -i drawmessage-com.d250.hu }
The problem is that actually, we do not want a redirect to https for the subdomain app.drawmessage.com, but since we have a redirect for the domain the redirect rule applies for both. Reordering the rules in a way, so that the sorting matches the configuration we want to achieve does produce the same result, and we get haproxy warnings:
a 'redirect' rule placed after a 'use_backend' rule will still be processed before.
If the order of configuration lines affects the order of processing a request, thus the ordering is a configuration parameter itself, why are redirect rules processed before use_backend rules? ...
Anyone has a suggestion how to achieve domain-based routing, with the correct preference of redirects? I would prefer a clean and simple way, ..
Don't use hdr_dom(). Just use hdr().
redirect prefix https://drawmessage.com code 301 if { hdr(host) -i drawmessage.com }
The _dom suffix means you want to match the value given later against any number of complete, consecutive domain-name-like tokens found in the specified header, so the pattern you provide must begin either at the beginning of the string or immediately following a . and must end either at the end of the string or be immediately followed by a .. That isn't what you want to do, so hdr_dom() isn't the correct fetch to use.
The notation may imply that you are comparing left value against right value, but the comparison is actually right value against left value.
a 'redirect' rule placed after a 'use_backend' rule will still be processed before because these directives are handled by different parts of the HAProxy code, at different stages of request processing. Within each class of rule, the order is preserved, but redirects are handled near the beginning and backend selection is near the end of request processing.

Nginx Config redirecting to lowercase string instead of original one

I am trying to do a redirect in my nginx config from SubDomain.domain.com to domain.com/SubDomain. The problem I am facing is that when i try SubDomain.domain.com nginx redirects it to domain.com/subdomain and misses the uppercases. How can i achieve that?
Here is my nginx config block:
if ($http_host ~* "^(.+)\.domain\.com$") {
set $subdomain $1;
rewrite (.*) http://domain.com/$subdomain$1;
}
The variable is always lowercase.
$host
This variable is equal to line Host in the header of request or name of the server processing the request if the Host header is not available.
This variable may have a different value from $http_host in such cases: 1) when the Host input header is absent or has an empty value, $host equals to the value of server_name directive; 2)when the value of Host contains port number, $host doesn't include that port number. $host's value is always lowercase since 0.8.17.
$http_HEADER
The value of the HTTP request header HEADER when converted to lowercase and with 'dashes' converted to 'underscores', e.g. $http_user_agent, $http_referer...;
Source: http://wiki.nginx.org/HttpCoreModule#.24host