Redirect
HAProxy 在 302 重定向之前添加一些標頭
我正在嘗試將一些安全標頭添加到定向到特定埠的響應中。我有以下配置的前端:
frontend desenv_ext_1 bind *:80 bind *:443 ssl crt /etc/ssl/certs/cert.pem mode http option tcplog default_backend desenv_1 timeout client 5m #ACL to new attempt acl header_c dst_port 80 #Attempt with no ACL http-response set-header X-Frame-Options SAMEORIGIN #Attempt with ssl ACL http-response set-header Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload; if {ssl_fc} http-response add-header Referrer-Policy no-referrer if !{ ssl_fc } #Attempt with header_c ACL http-response set-header X-Content-Type-Options nosniff if header_c http-response add-header X-XSS-Protection 1;\ mode=block if header_c #Attempt with rspadd rspadd X-Backen-Serve\ laranja if header_c rspadd X-Backend-Serve\ caju if HTTP redirect scheme https if !{ ssl_fc }
您會看到,在配置中,您以不同的方式進行了一些測試,但這些方式都不起作用。
重定向工作正常,但未在埠 80 響應中添加標頭:
[root@managerr temp]# curl -I http://localhost HTTP/1.1 302 Found Cache-Control: no-cache Content-length: 0 Location: https://localhost/ Connection: close
我希望到達埠 80 的請求添加以下標頭,即使它們重定向到埠 443:
Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload; X-Frame-Options SAMEORIGIN X-Content-Type-Options nosniff X-XSS-Protection 1;\ mode=block
我需要的輸出是這樣的:
HTTP/1.1 302 Found Strict-Transport-Security max-age=31535400;\ includeSubDomains;\ preload; X-Frame-Options SAMEORIGIN X-Content-Type-Options nosniff X-XSS-Protection 1;\ mode=block Cache-Control: no-cache Content-length: 0 Location: https://localhost/ Connection: close
後端:
backend desenv_1 mode http option tcplog server manga x.x.x.x:80 check cookie manga timeout connect 10s timeout server 5m
我的 HA-Proxy 版本 1.5.18
redirect
在之前被執行http-response
,所以這些http-response
s 永遠不會被執行。用這個:
http-request redirect location "https://%[hdr(host)]%[url]\r\nX-Frame-Options: SAMEORIGIN\r\nReferrer-Policy: no-referrer"