Bad CASv6 302 redirect through HAP

fstefaniak · August 25, 2020, 1:35pm

Hi !

i’m testing HAProxy for replacement of a old loadbalancer for a university. I have no problem for most of site on the migration but one do not working through HAP for CAS authentification service.

A “%3A80” is adding by HAP on url indifferently on 80 or 443 port
https://casv6.univ-example.com/cas/login?service=https%3A%2F%2Ftoto-qual.univ-example.com**%3A80**%2F

Note: the redirect from http to https is made by backends servers

With an other webapp trough the same frontend and backend, i haven’t the problem.

I was searching on HAP documentation and on the web but i haven’t find what to do… Did you have an idea ?

frontend frontaux_qual_HTTP
bind 1.2.3.4:80
mode http
#no log
description port frontaux-qual HTTP vlan public145
option socket-stats
timeout client 5s
default_backend http_frontaux_qual_backends

frontend frontaux_qual_HTTPS
bind 1.2.3.4:443 ssl crt /etc/ssl/private/star_univ-example_com.pem alpn h2,http/1.1
mode http
description port frontaux-qual HTTPS vlan public145
#no log
option forwardfor
http-request add-header X-Forwarded-Proto https
option socket-stats
timeout client 5s
default_backend https_frontaux_qual_backends

backend http_frontaux_qual_backends
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
#no log
mode http
option httpchk
server frontal1-qual frontal1-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000
server frontal2-qual frontal2-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000
server frontal3-qual frontal3-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000
server frontal4-qual frontal4-qual.univ-example.com:80 check fall 1 rise 1 fastinter 500 downinter 5000

backend https_frontaux_qual_backends
balance roundrobin
stick-table type ip size 200k expire 30m
stick on src
#no log
mode http
option httpchk
server frontal1-qual frontal1-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none
server frontal2-qual frontal2-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none
server frontal3-qual frontal3-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none
server frontal4-qual frontal4-qual.univ-example.com:443 check fall 1 rise 1 fastinter 500 downinter 5000 ssl verify none

HAP version: 2.0.17-1~bpo10+1

fstefaniak · September 23, 2020, 1:52pm

Hi !

if someone have the same problem: i find out why:

the problem come from old php-cas package (version < 1.3.4 ) who are on old ubuntu LTS (16.04 & 18.04).

ref: https://goweb.tamu.edu/https-and-the-cas-maestro-wordpress-plugin/

A rapid solution can be to install directly a deb from the 20.04 (no dependency problem on php7.X).

Topic		Replies	Views
Need help on haproxy with CAS server. ssl on both sides Help!	0	493	July 18, 2018
I'm newbie, how to redirect https to https Help!	2	5092	May 7, 2019
Need help with a HTTP and HTTPS Proxy Config for multiple backend servers Help!	1	607	January 19, 2021
HAProxy unable to redirect to HTTPS when terminating Help!	6	2709	February 27, 2018
NOSRV/BADREQ with HAProxy and Letsencrypt Help!	9	6042	December 16, 2019

Bad CASv6 302 redirect through HAP

Related Topics