HAProxy community

ADFS http-check

I try to configure HA-Proxy 2.2.1 with an ADFS on the backend. is working but the haproxy.log show me an “warning” to use an another syntax.

parsing [/etc/haproxy/haproxy.cfg:116]: ‘option httpchk’ : hiding headers or body at the end of the version string is deprecated. Please, consider to use ‘http-check send’ directive instead.
not able to use the http-check someone have a syntax example ? below my backend configuration:

backend bk_adfs
mode http
option forwardfor header X-Client
option http-keep-alive
log /dev/log local0 debug
timeout connect 30000
timeout server 30000
balance roundrobin
option httpchk GET /adfs/ls/IdpInitiatedSignon.aspx HTTP/1.0\r\n
http-check expect string Sign\ in
stick-table type ip size 200k expire 30m
stick on src
server adfs01 172.20.1.202:443 ssl verify none check-sni server1.mydomain.com sni ssl_fc_sni

Thanks in advance for your help

Just removing the trailing \r\n should be enough here, I don’t think this option was deprecated in its entirety (just using it with \r\n to add additional headers - which you are not even doing).

http-check send should be as simple as:

http-check send GET /adfs/ls/IdpInitiatedSignon.aspx HTTP/1.0

Hello Lukas,

Is not working the syntax is wrong unfortunately

parsing [/etc/haproxy/haproxy.cfg:117] : ‘http-check send’ : expects ‘comment’, ‘meth’, ‘uri’, ‘uri-lf’, ‘ver’, ‘hdr’, ‘body’ or ‘body-lf’ but got ‘GET’ as argument.

other idea ?

Cheers

Right, must be this then:

http-check send meth GET uri /adfs/ls/IdpInitiatedSignon.aspx ver HTTP/1.0

not better always a warning
config : backend ‘bk_adfs’ uses http-check rules without ‘option httpchk’, so the rules are ignored.

my config here:
backend bk_adfs
mode http
option forwardfor header X-Client
option http-keep-alive
log /dev/log local0 debug
timeout connect 30000
timeout server 30000
balance roundrobin
http-check send meth GET uri /adfs/ls/IdpInitiatedSignon.aspx ver HTTP/1.0
http-check expect string Sign\ in
stick-table type ip size 200k expire 30m
stick on src
server adfs01 172.20.1.202:443 ssl verify none check-sni myserver.mydomain sni ssl_fc_sni

Alright:

option httpchk
http-check send meth GET uri /adfs/ls/IdpInitiatedSignon.aspx ver HTTP/1.0
http-check expect string Sign\ in

Hello Lukas,

It’s work fine ! Thanks a lot for you help in this topic