Change response-header from http to https

Hello everyone,
I need help with a big problem for me.

I have a frontend that accepts https:// and a backend that only understands http://. So classic SSL offloading. No secret.

Now to the problem. The application on the backend creates a “redirect URI” that the client needs to authenticate against AZURE. Since the backend is addressed with http, the application also generates a redirect URI in the format “”. In order for my authentication to work, I have to change http:// to https://…

I’ve already tried to kill myself. Is there a way to rewrite the response header?

Thanks for all the ideas!


See http-response replace-header and http-response replace-value


thank you for quick response.

I’ve done some further investigations. The replace-value might be the rigth approach.

The websever send a “HTTP1.1/302 Found” with a generated “Location:” Field. Now the challenge is to change a part of the Location-Field…

Location field is:

https :// …

I need to replace the “redirect_uri=http” - part to “redirect_uri=https”.

Is there a solution to do this with haproxy?


my attempt is:

http-response replace-value Location ^redirect_uri=http(.*)$ redirect_uri=https\1

in my backend section - but will not work…

I’d imagine that something like this would do the job:

http-response replace-header Location ^(.+)(redirect_uri=http)([^s].+)$ \1redirect_uri=https\2

Oh thank you. Now th location looks like that:

https: //

Can you please explain the RegEx you used? … is witchcraft for me…

Use or to get a detailed explanation of the regex.

Hi lukastribus,

thank you so much for your support and your food for toughts. The solution that works for me is:


Screenshot - because asterisk wont shown…

Maybe this helps another dude facing the same problem…


1 Like

Ah, I got it, I referred to capture group \2 when I was thinking about group \3.

Referring to \3 or not capturing the (redirect_uri=http) (by removing the brackets) would have fixed it.