2

I can add new header in haproxy with the "http response add-header" function and it's done successfully because i can see those added headers in my http packet when i use Wireshark.

The problem is i can't capture them. I use the "capture response header" function and with that i can capture and log common headers like "Content-Type" or "Connection" but it doesn't work for added headers.

this is my conf file haproxy.cfg :

global
    log /dev/log    local0
    log /dev/log    local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

defaults
    log     global
    mode    http
    option  httplog
    option  dontlognull
    option  http-server-close
    timeout http-request 5000
    timeout connect 5000
    timeout client  50000
    timeout server  50000

frontend localnodes
    bind 10.0.0.16:80
    mode http
    # Table definition  
    stick-table type ip size 100k expire 30s store conn_cur
    tcp-request connection track-sc1 src

    capture response header X-Test-One len 10
    capture response header X-Test-Two len 10
    capture response header Content-Type len 10
    capture response header Connection len 10


default_backend nodes

backend nodes
    mode http
    balance roundrobin

    http-response add-header X-Test-One %Ts
    http-response add-header X-Test-Two %T

    server web01 123.123.22.22:2222 check maxconn 500

listen stats *:1936
    stats enable
    stats uri /
    stats hide-version
    stats auth notthelogin:notthepassword

And when i make http request have this in my log file : 

Oct  7 11:12:38 localhost haproxy[20304]: 10.0.0.20:34316 [07/Oct    /2015:11:12:38.972] localnodes nodes/web01 0/0/0/1/1 200 11378 - - ---- 14/14/0/0/0 0/0 {||text/html|close} "GET / HTTP/1.0"

In the log we can clearly see with "{||text/html|close}" that standard header are well capture but not the 2 added headers which appears empty between the "|". But the are in the http packet as we can see with wireshark

Wireshark Screenshot showing custom headers

There is someone who can help me please ? I can't find out what is the problem and i'm on this since two days :/

Thank you :)

sysadmin1138
  • 133,124
  • 18
  • 176
  • 300
Computron
  • 29
  • 3
  • `haproxy` is showing you the captured headers *as read from the backend*, not the result of any `add-header` directives. – wurtel Oct 07 '15 at 13:55
  • so it's not possible to capture added headers by the backend ? – Computron Oct 08 '15 at 07:46
  • When I wrote "backend", I meant the server that haproxy forwards the request to. I see now it might be interpreted as the backend stanza in the haproxy.cfg config. IMHO it doesn't make much sense to capture things that are added by haproxy itself, you can see right there what haproxy is adding. – wurtel Oct 08 '15 at 11:35
  • i want to do this because i need to log user who break some rules (rate_limit, conn_cur, conn_rate etc). So i try the answer of this post : http://serverfault.com/questions/575436/logging-haproxy-connection-limiting – Computron Oct 09 '15 at 14:34
  • What version of HAProxy were/are you using? – GregL Mar 01 '16 at 18:09
  • I am trying the same thing with haproxy 1.6.3 for a similar purpose and it does not seem to work. I tried to add both a request and a response header, neither of which show up when trying to log them with capture request/response header – Daniel Schneller Mar 16 '16 at 18:09
  • @GregL I'm using : Haproxy 1.5.8-3 – Computron Mar 22 '16 at 10:55
  • 1
    @DanielSchneller, you can do it in the 1.6.x branch using `declare capture` and `http-response capture`. If you ask a new question, I can try and answer you there. – GregL Mar 22 '16 at 15:15
  • @Computron, As I just said to @Daniel, I don't think it's possible with 1.5.x due to the order of actions internally. The `capture` happens earlier in the process than the `http-response add-header`, so the latter never gets picked up. – GregL Mar 22 '16 at 15:17

0 Answers0