Having hard time with redirect

I have a horribly written application and am trying to work around that limitation.

I’m having a hard time figuring out how to do this. I’ve actually done it before so know it’s possible but that was some time ago. I have HAProxy installed and it’s doing transparent balancing to three backend servers. The problem is that it’s doing it transparently and I actually need it to just redirect. Doesn’t even need to proxy the connections necessarily.

Example:

Request is for http://1.1.1.1/this/url.asp (this is HAPRoxy host)

Redirect should be to one of my backend servers 2.2.2.2/this/url.asp or 3.3.3.3/this/url.asp

The way it’s working now is that it’s proxying to 2.2.2.2 but leaving the URL as 1.1.1.1. I need the URL to be 2.2.2.2.

There’s a lot of good information about how to change the URI, but I can’t figure out how to have HAProxy substitute the frontend url for the back end IP.

As per
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#4-redirect

this should be as simple as:
redirect prefix http://2.2.2.2

But how do I redirect to multiple backend servers using round Robin or leastconn? It’s a web farm on the backend so there isn’t necessarily an acl I can create to determine which of the backend servers to hit…

That is a strange and uncommon setup. You may want to go back to the drawing board.

That said, it is possible by using an ACL with the rand() function:
http://cbonte.github.io/haproxy-dconv/1.7/configuration.html#7.3.2-rand

Something like this (adjust as per requirements):

redirect prefix http://2.2.2.2 if { rand() gt 2147483647 }
redirect prefix http://3.3.3.3 if { rand() gt 2147483647 }
redirect prefix http://4.4.4.4

Last redirect should be unconditional, otherwise some request may not get redirected.

It’s the web application’s fault. I’d love to use HAP transparently but haven’t been able to figure the damn thing out. The application makes secondary connections after establishing a session so what happens is the application authenticates you on host 2.2.2.2 and then somewhere else in the application it uses the URL to make another connection to 1.1.1.1 / app2/plasticapp whichis the HAP host and HAP does it’s thing and sometimes it works but other times (when the load balance algorithm picks host 3.3.3.3) it fails because the user is authenticated to 2.2.2.2. It’s stupid.

I actually did this once before but maybe the HAP versions are different…I used the following rather than a frontend backend:

Blockquote
listen webloadbalance xxx.xxx.xxx.xxx:80
mode http
stats enable
stats uri /haproxy?stats
stats realm Strictly\ Private
stats auth navbalance: xxxxxxxxx
balance roundrobin
option httpclose
option forwardfor
option httpchk
server web01 xxx .xxx.xxx.xxx redir http :// xxx .xxx.xxx.xxx check
server web02 xxx .xxx.xxx.xxx redir http :// xxx .xxx.xxx.xxx check

That did the trick for me…but no joy now…

You right, that would also work.

Why it doesn’t work right now I can’t tell with the data provided.

Can you:

  • provide the output of haproxy -vv
  • provide the complete configuration
  • provide the output of a curl request in verbose mode
  • provide the output of the haproxy log

I got it. When I moved the config to the new box my syntax was off. I found it and appear to be all good now. Thanks a lot for the assistance!

First off thank you jaysin144 that last code snippet was exactly what I needed.

I too have an evil application (Cisco UCCX Finesse) that does its own multi-connection and HA failover. But doing DNS round-robin for connecting is not always guaranteed to get you to a live host. So setting up frontend/backend like normal and doing

backend uccx
mode http
option httpchk HEAD /
server UCCX1 loc1-uccx1.contoso.com:8445 ssl verify none redir https://loc1-uccx1.contoso.com:8445 check
server UCCX2 loc1-uccx2.contoso.com:8445 ssl verify none redir https://loc1-uccx2.contoso.com:8445 check
server UCCX3 loc2-uccx1.contoso.com:8445 ssl verify none redir https://loc2-uccx1.contoso.com:8445 check

solved it. no cluttering front end with round-robin rules. Http checking for health so no redirects to dead host. Thank you again for that little snippet I was having issues finding!