I am trying to use a custom error file and instead I get a 408 request timeout.
My current setup is my haproxy is running behind an ELB out in AWS.
My config is:
global
log 127.0.0.1 local0
log-send-hostname
lua-load /etc/haproxy/validate_jwt.lua
debug
daemon
defaults
log global
mode http
option httplog
option dontlognull
option logasap
timeout connect 5000
timeout client 50000
timeout server 50000
errorfile 403 /etc/haproxy/errorfiles/403error.http
frontend http_front
bind *:${FE_PORT}
monitor-uri /api/v1/health
http-request deny if !{ cook('jwt') -m found } !{ cook('cpAccountsJwt') -m found }
acl valid_jwt lua.validate_jwt -m bool
http-request deny if !valid_jwt
http-response del-header X-Frame-Options
use_backend %[req.hdr(host),lower,map_dom(/etc/haproxy/aoobm_tunnel.map)]
backend be_1a9109498b16029e409542c8f08ef359-qa2
server srv0 10.205.176.203:30089
backend be_2514131711c38b63e59fb4d5a7eaf3b6-qa2
server srv1 10.205.177.110:30091
backend be_3e1adc1008eab307e752a045f0ddc299-qa2
server srv2 10.205.177.110:30083
backend be_cd35febcca3f445a40ca7bac875d483b-qa2
server srv3 10.205.176.203:30085
backend be_d8ffc844e247de743a7fbb83154effa5-qa2
server srv4 10.205.177.110:30087
The 403error.http looks like:
HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html
<html>
<head>
<title>Connection Permissions Error</title>
</head>
<body style="font-family:Trebuchet MS, Helvetica Neue, HelveticaNeue, Helvetica, Lato, Arial, Lucida Grande, sans-serif;background:#fff;pad
ding: 10px 15px;">
<div style="text-align:center">
<br>
<h2 style="font-size:16px">
You do not have sufficient account privleges to<br/>
preform the requested action
</h2>
</div>
</body>
</html
In my logs I plainly see HAProxy detecting a 403:
haproxy[84]: 10.205.63.45:31677 [01/Jun/2017:00:53:16.377] http_front http_front/ 0/-1/-1/-1/+0 403 +633 - - PR-- 13/13/0/0/0 0/0 “GET / HTTP/1.1”
What the heck am I doing wrong??