HAProxy community

Bad CASv6 302 redirect through HAP

Hi !

i’m testing HAProxy for replacement of a old loadbalancer for a university. I have no problem for most of site on the migration but one do not working through HAP for CAS authentification service.

A “%3A80” is adding by HAP on url indifferently on 80 or 443 port
https://casv6.univ-example.com/cas/login?service=https%3A%2F%2Ftoto-qual.univ-example.com**%3A80**%2F

Note: the redirect from http to https is made by backends servers

With an other webapp trough the same frontend and backend, i haven’t the problem.

I was searching on HAP documentation and on the web but i haven’t find what to do… Did you have an idea ?

frontend frontaux_qual_HTTP
bind 1.2.3.4:80
mode http
#no log
description port frontaux-qual HTTP vlan public145
option socket-stats
timeout client 5s
default_backend http_frontaux_qual_backends

frontend frontaux_qual_HTTPS
bind 1.2.3.4:443 ssl crt /etc/ssl/private/star_univ-example_com.pem alpn h2,http/1.1
mode http
description port frontaux-qual HTTPS vlan public145
#no log
option forwardfor
http-request add-header X-Forwarded-Proto https
option socket-stats
timeout client 5s
default_backend https_frontaux_qual_backends

backend http_frontaux_qual_backends
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
#no log
mode http
option httpchk
server frontal1-qual frontal1-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000
server frontal2-qual frontal2-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000
server frontal3-qual frontal3-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000
server frontal4-qual frontal4-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000

backend https_frontaux_qual_backends
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
#no log
mode http
option httpchk
server frontal1-qual frontal1-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none
server frontal2-qual frontal2-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none
server frontal3-qual frontal3-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none
server frontal4-qual frontal4-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none

HAP version: 2.0.17-1~bpo10+1

Hi !

if someone have the same problem: i find out why:

the problem come from old php-cas package (version < 1.3.4 ) who are on old ubuntu LTS (16.04 & 18.04).

ref: https://goweb.tamu.edu/https-and-the-cas-maestro-wordpress-plugin/

A rapid solution can be to install directly a deb from the 20.04 (no dependency problem on php7.X).