Hello everyone,
I need help with a big problem for me.
I have a frontend that accepts https:// and a backend that only understands http://. So classic SSL offloading. No secret.
Now to the problem. The application on the backend creates a “redirect URI” that the client needs to authenticate against AZURE. Since the backend is addressed with http, the application also generates a redirect URI in the format “http://xxx.test.com”. In order for my authentication to work, I have to change http:// to https://…
I’ve already tried to kill myself. Is there a way to rewrite the response header?
Thanks for all the ideas!
greeting
cyrano330
Hi,
thank you for quick response.
I’ve done some further investigations. The replace-value might be the rigth approach.
The websever send a “HTTP1.1/302 Found” with a generated “Location:” Field. Now the challenge is to change a part of the Location-Field…
Location field is:
https ://login.microsoftonline.com/xxxx-xxxx-xxxx-xxxxx/oauth2/authorize?client_id=xxxxx-xxxxxx-xxxxx-xxxxxx&redirect_uri=http%3A%2F%2Fxxx.domain.com%2FTenant%2FSignIn&response_type=code%20id_token&scope=openid%20profile&response_mode=form_post&nonce=6384 …
I need to replace the “redirect_uri=http” - part to “redirect_uri=https”.
Is there a solution to do this with haproxy?
Best
Henry
my attempt is:
http-response replace-value Location ^redirect_uri=http(.*)$ redirect_uri=https\1
in my backend section - but will not work…
I’d imagine that something like this would do the job:
http-response replace-header Location ^(.+)(redirect_uri=http)([^s].+)$ \1redirect_uri=https\2
Oh thank you. Now th location looks like that:
https: //login.microsoftonline.com/xxxxxxx-a992-xxxx-xxxx-xxxxxxxxxxxxxxxx/oauth2/authorize?client_id=a12f6523-xxxxxx-xxx-b6e0-xxxxxxxxxxxxxx&rredirect_uri=httpsredirect_uri=http
Can you please explain the RegEx you used? … is witchcraft for me…
Use https://regex101.com/ or https://regexr.com/ to get a detailed explanation of the regex.
Hi lukastribus,
thank you so much for your support and your food for toughts. The solution that works for me is:
Screenshot - because asterisk wont shown…
Maybe this helps another dude facing the same problem…
Best
Henry
1 Like
Ah, I got it, I referred to capture group \2 when I was thinking about group \3.
Referring to \3 or not capturing the (redirect_uri=http) (by removing the brackets) would have fixed it.