[Fwd: conditional request header addition]

From: Jonathan Tullett <jonathan#downagain.com>
Date: Fri, 17 Oct 2008 08:08:10 +0100


Apologies if you've seen this already - I didn't see the original archived on the website and wonder if it went out:

I'm looking to migrate from LVS over to haproxy. The reason for this is that the real server routing based on request url should improve the performance of our systems while also allowing for the decoupling of Resin from Apache.

Part of our application (the login/account management side) runs entirely over SSL. I'd like to run stunnel on the load balancer so we're able to do url switching on SSL requests.

I have stunnel patched with the x-forwarded-by patch, installed and configured and forwarding connections to the haproxy instance happily. haproxy is also configured not to add the x-forwarded-by header to any connections originating from the local machine.

We still need a way of informing apache/resin whether the request was really made via SSL; I thought injecting a string into the headers could be a good start.

From looking at the documentation, and indeed my own research, it doesn't seem to be possible to add conditionals to the 'reqadd' statement. I'm looking to do something like:

acl from_stunnel src 127.0.0.1
reqadd X-SSL-Enabled:\ Yes if from_stunnel

Is there either a way I can do the above, or another (better) way of doing this?

Any suggestions gratefully received.

Jonathan.

Received on 2008/10/17 09:08
