Always set HTTP response header?

mag · May 12, 2018, 1:00pm

Hello,
HAProxy 1.7.10 (pfSense) here.
I’ve got a TLS/SSL enabled frontend that’s configured to unconditionally send the Strict-Transport-Security HTTP response header, e.g.

http-response set-header Strict-Transport-Security "max-age=31536000; includeSubDomains"

This works, but only for successful responses (from the HAProxy point of view).
If there’s a HAProxy generated error response such as HTTP 503, the header is missing and I’d like to have it there as well.

For example Apache has the always condition its the Header directive designed for such purpose: http://httpd.apache.org/docs/current/mod/mod_headers.html#header

Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"

Is it somehow possible to achieve this with HAProxy?

lukastribus · May 13, 2018, 7:54am

Unfortunately this is not currently possible the easy way.

A few possible workarounds are:

use custom error pages and insert the header manually there (the custom error pages must contain the entire HTTP response, including HTTP headers) - however this still does not cover haproxy redirects, if you are using that
Iterate through a dedicated frontend/backend section for the purpose of adding the header, use the second layer proxying for load-balancing, errors, etc, so that when an error is generated in the second layer, the first layer will be responsible for adding the header

Topic		Replies	Views
Setting a http-response header with redirect Help!	2	2162	February 5, 2020
How to set/provide X-Forwarded-* headers Help!	1	15786	October 1, 2021
Http-response set-header Help!	1	1224	May 29, 2024
401 Response - Add Custom Header? Help!	1	1541	March 21, 2016
Http-response set-header with condition, not working Help!	10	18973	May 8, 2020

Always set HTTP response header?

Related topics