HAProxy community

EXCLUDE from HSTS

Hi Readers,
i try to provide an CRL with haproxy. CRLs are distributed via HTTP.

So my approach:

frontend my-http
  acl is_CRL-h path_beg -i /pki
  use_backend server_CR if is_CRL-h
# all others via https:
http-request redirect scheme https if ! is_CRL-h
 backend server_CR
 mode http
 server myCA 10.123.4.56:80 nocheck

… But it does not work, the …“redirect if is not CRL” seems to be ignored… :frowning:

“Seems to be ignored” as in the browser does not even connect to HTTP? In the title you are hinting a HSTS configuration.

Please share the entire issue and the entire configuration.