HAProxy config tutorials

HTTP redirects

On this page

Use the http-request redirect configuration directive to reroute HTTP traffic. These send back an HTTP redirect response to the client and then the client makes a new request to the new resource. When performing a redirection, the load balancer responds directly to the client. It does not forward any traffic to the server.

Redirect traffic to a location Jump to heading

Use http-request redirect location to replace the entire location of a URL. Below, we append a www subdomain in front of all URLs that do not have it. To specify the HTTP status code to return, set the code parameter with any of the following values:

Code Description
301 Permanent move
302 Temporary move; should not be cached by the client. This is the default value if no code is configured.
303 Similar to 302, but the browser must fetch the new location using a GET
307 Similar to 302, but the browser must reuse the same method as the one from the original request
308 Similar to 301, but the browser must reuse the same method as the one from the original request 
haproxy
frontend www
  bind :80
  acl has_www hdr_beg(host) -i www
  http-request redirect  code 301  location http://www.%[hdr(host)]%[capture.req.uri]  unless has_www
  default_backend webservers
haproxy
frontend www
  bind :80
  acl has_www hdr_beg(host) -i www
  http-request redirect  code 301  location http://www.%[hdr(host)]%[capture.req.uri]  unless has_www
  default_backend webservers

Redirect traffic using a prefix Jump to heading

Use http-request redirect prefix to add a prefix to the URL’s location. Below, we prefix all URLs with /api/v2/ if they don’t have it. You do not need to end the prefix with a slash. One will be added to the end of the prefix automatically.

haproxy
frontend www
  bind :80
  acl begins_with_api path_beg /api/v2/
  http-request redirect code 301 prefix /api/v2 unless begins_with_api
  default_backend webservers
haproxy
frontend www
  bind :80
  acl begins_with_api path_beg /api/v2/
  http-request redirect code 301 prefix /api/v2 unless begins_with_api
  default_backend webservers

Redirect the scheme Jump to heading

Use http-request redirect scheme to redirect to a different scheme, such as from http:// to https://. In the following example, we redirect all HTTP traffic to HTTPS:

haproxy
frontend www
  bind :80
  bind :443 ssl crt /ssl.pem
  http-request redirect scheme https unless { ssl_fc }
  default_backend webservers
haproxy
frontend www
  bind :80
  bind :443 ssl crt /ssl.pem
  http-request redirect scheme https unless { ssl_fc }
  default_backend webservers

The Location header is built by concatenating the following elements in this order:

  • the scheme (e.g. https) provided by the directive
  • ://
  • the first occurrence of the Host header
  • the URL

Info

Even with the redirect, there is still a chance that a man-in-the-middle attack can occur. To prevent this attack, consider using the http-response set-header Strict-Transport-Security directive. For details, see HTTP Strict Transport Security.

See also Jump to heading

Do you have any suggestions on how we can improve the content of this page?

Previous page DNS resolution Next page HTTP rewrites
© 2024 HAProxy Technologies, LLC. All Rights Reserved
Manage Cookie Preferences