[RESOLVED] Issue redirecting to external website (haproxy acting as a webproxy for specific external sites)

chr00ted · March 8, 2023, 1:29am

Hello, I’m using haproxy for restricted internet access for some computers that do not have access to the internet. I am able to get all sites to work (Ups & emaint), but for some reason www.fedex.com is not working under this configuration. I was thinking its an akami issue, but looks like UPS is using Akami as well. If anyone could assist what I’m doing wrong it would be appreciated. Any suggestions or comments appreciated.

My test machine is connecting to the sites via host file entries: IE www.ups.com point to haproxy

global
stats socket :9000 mode 660 level admin
log /dev/log local2 debug

resolvers dns1
nameserver dns1 8.8.8.8:53
accepted_payload_size 8192 # allow larger DNS payloads

frontend https
bind *:443
option tcplog
mode tcp
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
use_backend emaintx49 if { req.ssl_sni -i x49.emaint.com }
use_backend fedex if { req.ssl_sni -i www.fedex.com }
use_backend fedex if { req.ssl_sni -i fedex.com }
use_backend ups if { req.ssl_sni -i www.ups.com }
default_backend emaintx49

backend emaintx49
mode tcp
balance source
server-template emaint2 2 x49.emaint.com:443 check resolvers dns1 init-addr none check inter 2000 rise 2 fall 5 verify none

backend fedex
mode tcp
balance source
server-template fedex2 2 www.fedex.com:443 check resolvers dns1 init-addr none check inter 2000 rise 2 fall 5 verify none

backend ups
mode tcp
balance source
server-template ups2 2 www.ups.com:443 check resolvers dns1 init-addr none check inter 2000 rise 2 fall 5 verify none

chr00ted · March 8, 2023, 9:15pm

The issue was haproxy was resolving in ipv6 even though ipv6 was disabled on the server.

echo “show servers state fedex” | nc localhost 9000
1

be_id be_name srv_id srv_name srv_addr srv_op_state srv_admin_state srv_uweight srv_iweight srv_time_since_last_change srv_check_status srv_check_result srv_check_health srv_check_state srv_agent_state bk_f_forced_id srv_f_forced_id srv_fqdn srv_port srvrecord

5 fedex 1 fedex21 2600:1408:c400:11::17cd:6b55 0 0 1 1 33 8 2 0 6 0 0 0 apis.fedex.com 443 -
5 fedex 2 fedex22 2600:1408:c400:11::17cd:6b4a 0 0 1 1 33 8 2 0 6 0 0 0 apis.fedex.com 443 -

I set the following and restarted haproxy:

backend fedex
mode tcp
balance source
server-template fedex2 2 apis.fedex.com:443 check resolvers dns1 init-addr none check inter 2000 rise 2 fall 5 verify none resolve-prefer ipv4
log /dev/log local0 debug

Topic		Replies	Views
Redirect not working properly to backends Help!	0	246	February 24, 2024
Haproxy redirection Help!	2	3415	June 10, 2016
HAProxy forwarding HTTPS OK, TCP not OK. Please help! Help!	12	13639	June 6, 2019
Please help get a noob up and running Help!	0	473	July 1, 2021
Domain base routing Help!	0	38	August 12, 2024

[RESOLVED] Issue redirecting to external website (haproxy acting as a webproxy for specific external sites)

be_id be_name srv_id srv_name srv_addr srv_op_state srv_admin_state srv_uweight srv_iweight srv_time_since_last_change srv_check_status srv_check_result srv_check_health srv_check_state srv_agent_state bk_f_forced_id srv_f_forced_id srv_fqdn srv_port srvrecord

Related topics