HAproxy and PowerAutomate header headache :) Ideas please

Help!
1

Hello,

Now, im a network engineer and not a coder per se, so please bear with me :slightly_smiling_face:

In short, im trying to do some automation with MS flow. It fires off requests from the cloud, so in order to use internal APIs, i have to use their gateway. Everything works, except when i try to pass the “cookie” header which i need for backend auth. MS simply erases it.

What i did instead is create a custom header named “custom” which does get through and contains the value that the “cookie” one is supposed to have.

Is it possible to replace the header NAME, rather than the value.

I.E., request comes in on the frontend with header named “custom” and value xxx
and then haproxy creates the “cookie” header and gives it value xxx before passing over to the backend? Either by deleting or leaving the “custom” header.

Appreciate any help!

2

I’d just add a new header with the value of the other header:

http-request add-header Cookie %[req.hdr(X-Cookie)]

This is for the request, not the response. Not sure if that is what you need, otherwise it’s http-response instead of http-request and Set-Cookie instead of Cookie.

3

Hey, thanks for the answer.
I tried adding it, both on frontend and backend, replacing X-Cookie with the “custom” header name but it didnt work. It just ignores it. Am i missing something obvious? Im not familiar with the haproxy expressions, might have misunderstood.

This is the config i tried:
#---------------------------------------------------------------------

main frontend which proxys to the backends

#---------------------------------------------------------------------
frontend haproxy
bind 0.0.0.0:80
http-request add-header Cookie %[req.hdr(custom)]
default_backend viptela

#---------------------------------------------------------------------

static backend for serving up images, stylesheets and such

#---------------------------------------------------------------------

#---------------------------------------------------------------------

round robin balancing between the various backends

#---------------------------------------------------------------------
backend viptela
http-response del-header x-xss-protection
http-response del-header x-frame-options
http-response del-header x-content-type-options
http-response del-header server
http-response del-header strict-transport-security
http-response del-header pragma
balance roundrobin
server

And this is the request i get sent to the backend. There is no header named “cookie”, just the two which im sending initially. “custom” and “cookie1”.

I really just need the “host” and “cookie” headers to reach the backend, but whatever i try haproxy wont create it. All of the other headers that MS injects i dont really care about.

    GET /dataservice/client/token HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US
    Max-Forwards: 10
    User-Agent: azure-logic-apps/1.0 (workflow cf4a05a2e4c945798d6b21804bb8026a; version 08585700578683011284) microsoft-flow/1.0
    custom: JSESSIONID=gpxUcByBgDxBeOVh3w_PQEjGHwAlZJ9wtgl_cZ-h.b580d498-28f0-46ee-8101-4768bfdbd5e1; path=/; secure; HttpOnly
    cookie1: JSESSIONID=gpxUcByBgDxBeOVh3w_PQEjGHwAlZJ9wtgl_cZ-h.b580d498-28f0-46ee-8101-4768bfdbd5e1; path=/; secure; HttpOnly
    x-ms-workflow-id: cf4a05a2e4c945798d6b21804bb8026a
    x-ms-workflow-version: 08585700578683011284
    x-ms-workflow-name: 3fefa939-ac3a-4e3b-8dc6-8ef78e97808f
    x-ms-workflow-system-id: /locations/westus/scaleunits/prod-96/workflows/cf4a05a2e4c945798d6b21804bb8026a
    x-ms-workflow-run-id: 08585700392914642427202513066CU161
    x-ms-workflow-run-tracking-id: ce2e837e-52f6-452e-b0a6-98c963a4bfbf
    x-ms-workflow-operation-name: Token
    x-ms-execution-location: westus
    x-ms-workflow-subscription-id: 5072fcc3-8341-442e-9b98-4b441017c969
    x-ms-workflow-resourcegroup-name: DA67EF1BCA594DB29A8CAA8D94617A16-
    x-ms-tracking-id: 611585f0-fb01-4412-854c-28081d3d8ee1
    x-ms-correlation-id: 611585f0-fb01-4412-854c-28081d3d8ee1
    x-ms-client-request-id: 611585f0-fb01-4412-854c-28081d3d8ee1
    x-ms-client-tracking-id: 08585700392914642427202513066CU161
    x-ms-action-tracking-id: 4eac9590-934f-414b-bb95-19a7d839ebfa
    x-ms-activity-vector: IN.0C
    X-MS-APIM-Referrer: https://flow-apim-msmanaged-na-centralus-01.azure-apim.net/apim/vmanage-5fdelab-5f495504b403d5a5b4-5f67ec4eef3e3368ee/2a78fb36f9a147dd89e2228e3884814f/dataservice/client/token
    x-ms-client-region: unitedstates
    x-ms-flavor: Production
    x-ms-gateway-object-id:
    X-MS-APIM-Referrer-Prefix: https://flow-apim-msmanaged-na-centralus-01.azure-apim.net/apim/vmanage-5fdelab-5f495504b403d5a5b4-5f67ec4eef3e3368ee/2a78fb36f9a147dd89e2228e3884814f
    X-MS-APIM-Callback: https://msmanaged-na.consent.azure-apim.net
    x-ms-environment-id: Default-da67ef1b-ca59-4db2-9a8c-aa8d94617a16
    X-Forwarded-For: 157.56.167.147, 40.113.242.246:1820
    X-WAWS-Unencoded-URL: /
    CLIENT-IP: 40.113.242.246:1820
    X-ARR-LOG-ID: b7920ff4-9839-4c82-b9d1-50eb99b34162
    DISGUISED-HOST: 10.38.1.131
    X-SITE-DEPLOYMENT-ID: 10.38.1.131
    WAS-DEFAULT-HOSTNAME: 10.38.1.131
    X-Original-URL: /
    X-ARR-SSL: 2048|256|C=US, O=DigiCert Inc, CN=DigiCert SHA2 Secure Server CA|C=US, S=Washington, L=Redmond, O=Microsoft Corporation, CN=*.azconn-wus.p.azurewebsites.net
    X-Forwarded-Proto: https
    X-AppService-Proto: https
    X-Forwarded-TlsVersion: 1.2
    X-ARR-ClientCert: MIIH2zCCBcOgAwIBAgITFgBjGCNyceQpLiW1gQAAAGMYIzANBgkqhkiG9w0BAQsFADBEMRMwEQYKCZImiZPyLGQBGRYDR0JMMRMwEQYKCZImiZPyLGQBGRYDQU1FMRgwFgYDVQQDEw9BTUUgSW5mcmEgQ0EgMDMwHhcNMjEwNzEwMDkzNjMzWhcNMjIwMTA2MDkzNjMzWjA0MTIwMAYDVQQDEylhcGltLWNsaWVudC1hdXRoLmNlcnRzLmNvbm5wbGF0LmF6dXJlLmNvbTCCASPTc8hLa8OXREk4V20Sc+7dtVSrJNJZKkv7pCAnQI6I2c2tHGG2o0r8ZmUcSWH8p6sy0N25S/LT7Iji8PHwgZ0CAwEAAaOCA9QwggPQMCcGCSsGAQQBgjcVCgQaMBgwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwPQYJKwYBBAGCNxUHBDAwLgYmKwYBBAGCNxUIhpDjDYTVtHiE8Ys+hZvdFs6dEoFghfmRS4WsmTQCAWQCAQcwggHLBggrBgEFBQcBAQSCAb0wggG5MGMGCCsGAQUFBzAChldodHRwOi8vY3JsLm1pY3Jvc29mdC5jb20vcGtpaW5mcmEvQ2VydHMvQU0zUEtJSU5UQ0EwMS5BTUUuR0JMX0FNRSUyMEluZnJhJTIwQ0ElMjAwMy5jcnQwUwYIKwYBBQUHMAKGR2h0dHA6Ly9jcmwxLmFtZS5nYmwvYWlhL0FNM1BLSUlOVENBMDEuQU1FLkdCTF9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3J0MFMGCCsGAQUFBzAChkdodHRwOi8vY3JsMi5hbWUuZ2JsL2FpYS9BTTNQS0lJTlRDQTAxLkFNRS5HQkxfQU1FJTIwSW5mcmElMjBDQSUyMDAzLmNydDBTBggrBgEFBQcwAoZHaHR0cDovL2NybDMuYW1lLmdibC9haWEvQU0zUEtJSU5UQ0EwMS5BTUUuR0JMX0FNRSUyMEluZnJhJTIwQ0ElMjAwMy5jcnQwUwYIKwYBBQUHMAKGR2h0dHA6Ly9jcmw0LmFtZS5nYmwvYWlhL0FNM1BLSUlOVENBMDEuQU1FLkdCTF9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3J0MB0GA1UdDgQWBBT/TzXY4QcXLGq3yHjABXPsL43nzzAOBgNVHQ8BAf8EBAMCBaAwggEmBgNVHR8EggEdMIIBGTCCARWgggERoIIBDYY/aHR0cDovL2NybC5taWNyb3NvZnQuY29tL3BraWluZnJhL0NSTC9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3JshjFodHRwOi8vY3JsMS5hbWUuZ2JsL2NybC9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3JshjFodHRwOi8vY3JsMi5hbWUuZ2JsL2NybC9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3JshjFodHRwOi8vY3JsMy5hbWUuZ2JsL2NybC9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3JshjFodHRwOi8vY3JsNC5hbWUuZ2JsL2NybC9BTUUlMjBJbmZyYSUyMENBJTIwMDMuY3JsMB8GA1UdIwQYMBaAFFAx8O9CLsD/vaQJC8rEwoZ91D8yMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0BAQsFAAOCAgEAGxQkO9g6vEEQawdDEqieyNjSN3S3PfHbOAjET5pcayxbzq0DeZMZroAL8G7tFl7ztNEVfYcHT5hE9pVTPGsx2Td9LtwTv+KU0hCcoG821Fn21OR/OFWwM/sffCoaz8yjn4mvWvSWyp+5uN7boJoAlRlbcOLDeGipi0wSpwY/EWDFjwsmUI8tV1lohWtteAhQDqeJiiOqVunTFE7JR5ol5kMIxiPDk3o5jhBpCJOYn+sRMd7ZL2ro6OTCZtyi4raI/quP7l9dCyRGqk1hMtagSLfdlYuEC1T4EOCUDkK5s2ohUlmripMabw8rwSyM327BLRhEv31/hZNHjCs6VUZtVAqb8xgocEY/eNsKCIaqBpnpTLq0W+URoK39GXpmwLz5hiUfYmkO+8JpCn6iGKtleVTRQBaB9HTLXg7dDiOJ/qBld/43I2XxWDUuWDjDBXPgcgwKE3S8fQ38kgWbQA0moWBAwC9qaYA6Q/x7P5E1/wk89aKko5qJ5yELUNeFoPia9Enhi80cs2zaLLjt1Uw7kjjo6AzynXxBxw1Kmu9oihfVyvmzTFRY4oprz1xcasoaxJ6A06p7TEoh5ga3jTFgR00nHAktcGNzTQE99Rs204M+QccHkTfAQu9JeNTjoQuwprIe7ixMKxKUZsB6KKQGcfHb+OLNhYbyDbAwKXAc3eU=
    x-ms-operationName:
    x-ms-connection-id: 2a78fb36f9a147dd89e2228e3884814f
    Host: xxx.xxx.xxx.xxx

Did i do something stupid with the haproxy config?

4

well, i made a stupid mistake. searching for the new header on the frontend egress… :confused:
Let me figure out how to monitor the backend because its https and ill confirm if it works

5

Yep, that did the trick! Thanks a million!

1 Like