HAProxy ALOHA Load Balancer Rewriting HTTP responses
Target network diagram
Functions to use
In order to rewrite a response, use the “rsprep” and “rspirep” keywords with the following syntax:
rsprep <search> <string> [{if | unless} <cond>]
rspirep <search> <string> [{if | unless} <cond>] (ignores case)
<search>
is the regular expression applied to the HTTP headers and to the response line. This is an extended regular expression: parenthesis grouping is supported and no preceding backslash is required. All spaces and known separators must be escaped using the backslash “\”. The pattern is applied to one full line at a time.
<string>
is the entire line to be added. All spaces and known separators must be escaped using the backslash “\”. You can refer to matched pattern groups by using “\N”, where “N” is an integer between 0 and 9.
<cond>
is an optional matching condition built from ACLs. It lets the rule be ignored when other conditions are not met.
Any line in the response (both the response line and the headers) that matches the extended regular expression in the “search” argument is completely replaced by the “string” argument. This is most commonly used to rewrite URLs or domain names in the “host” field of headers, for instance.
Important
The “rsprep” keyword is strictly case-sensitive, while “rspirep” is case-insensitive.
The <cond> condition is available only from version v3.5.x and later.
Extract of the LB Level7 configuration
######## The first public address as seen by the clients
frontend frt
    bind 10.0.32.10:80                       # address:port to listen to
    mode http
    log global                               # use global log parameters
    option httplog                           # Enable HTTP logging
    maxconn 4000                             # max conn per instance
    timeout client 25s                       # maximum client idle time
    default_backend bck                      # send everything to this backend by default

####### This backend manages the servers and the load balancing algorithm
backend bck
    balance roundrobin                       # roundrobin | source | uri | leastconn
    mode http
    log global                               # use global log parameters
    option httplog                           # Enable HTTP logging
    cookie SERVERID insert indirect nocache  # provide persistence with cookie
    option httpchk HEAD /                    # how to check those servers
    option forwardfor except 127.0.0.1/8     # add X-Forwarded-For except local
    fullconn 4000                            # dynamic limiting below
    timeout server 25s                       # max server response time
    # Replace the host name “127.0.0.1” with “www.mysite.com”
    rspirep ^Location:\ 127.0.0.1 Location:\ www.mysite.com
    # Replace the server fields of the “IIS7” header with “Apache”
    rsprep ^Server:\ IIS7 Server:\ Apache
    server srv1 10.0.32.101:80 cookie s1 weight 10 maxconn 100 check inter 1000 fall 3
    server srv2 10.0.32.102:80 cookie s2 weight 10 maxconn 100 check inter 1000 fall 3
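The following Python model is an added example, not code from HAProxy or from this application note. It applies the two rewrite rules above to a constructed response to show that a matching line is replaced in full, and how a “\N” group reference keeps the rest of the line. Assumptions: Python's `re` module stands in for the extended regular expression engine, only the “\ ” escape is modelled, and `GROUP_RULES` is a hypothetical variant of the page's rule.

```python
import re

def unescape(token):
    # Assumed model of the config escaping: "\ " stands for a literal space.
    return token.replace("\\ ", " ")

def parse_rule(rule):
    # Split "<keyword> <search> <string>" on whitespace not preceded by "\".
    keyword, search, string = re.split(r"(?<!\\)\s+", rule.strip())
    flags = re.IGNORECASE if keyword == "rspirep" else 0  # rsprep: case-sensitive
    return re.compile(unescape(search), flags), unescape(string)

def rewrite(lines, rules):
    # A line that matches <search> is replaced entirely by <string>;
    # "\N" (N = 0..9) in <string> expands to matched group N.
    compiled = [parse_rule(r) for r in rules]
    out = []
    for line in lines:
        for regex, string in compiled:
            m = regex.search(line)
            if m:
                line = re.sub(r"\\(\d)", lambda g: m.group(int(g.group(1))) or "", string)
        out.append(line)
    return out

# Constructed sample response head (not captured traffic).
RESPONSE = [
    "HTTP/1.1 302 Found",
    "Server: IIS7",
    "location: 127.0.0.1/app/login",
]

# The two rules from the configuration extract on this page.
PAGE_RULES = [
    r"rspirep ^Location:\ 127.0.0.1 Location:\ www.mysite.com",
    r"rsprep ^Server:\ IIS7 Server:\ Apache",
]

# Hypothetical variant: capture the rest of the line and re-emit it with \1.
GROUP_RULES = [r"rspirep ^Location:\ 127[.]0[.]0[.]1(.*) Location:\ www.mysite.com\1"]

if __name__ == "__main__":
    print(rewrite(RESPONSE, PAGE_RULES))   # path after the host is dropped
    print(rewrite(RESPONSE, GROUP_RULES))  # path preserved through \1
```

In this model the page's rule also matches `Location: 127x0y0z1`, because the unescaped dots in the pattern match any character.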
Rewriting HTTP responses
This application note is intended to help you apply rules for rewriting HTTP responses within the HAProxy ALOHA Virtual Load Balancer solution.
Objective
Replace the IP address “127.0.0.1” with “www.mysite.com”.
Intentionally provide false information on the Web server version in order to avoid targeted attacks.
Constraints
In order to rewrite responses, you need to understand regular expressions.
Complexity
2
Versions
v3.x and later