HAProxy Enterprise Documentation 1.6r1

Rewrite Responses

Use the http-response configuration directives to rewrite HTTP responses before they are sent back to clients. You can place them into a frontend, listen, or backend section. The client will see something different than what the server sees.

Add a header

Use http-response add-header to add a header to the response before relaying it back to the client. In the example below, we add an X-Via header containing the hostname of the current HAProxy Enterprise server processing the traffic:

frontend www
   bind :80
   http-response add-header X-Via %[env(HOSTNAME)]
   use_backend webservers

Set a header

Use http-response set-header to change the current value of a header. In the example below, we give the Server header the value webserver, which can be useful for hiding the true name of the server:

frontend www
   bind :80
   http-response set-header Server webserver
   use_backend webservers

Delete a header

Use http-response del-header to remove a header. Below, we delete several headers that are set by Varnish:

backend b_static
   http-response del-header X-Varnish
   http-response del-header X-Varnish-Cache
   http-response del-header X-Varnish-Server
   http-response del-header X-Cache
   # servers list...

Replace a header by using a regular expression

Use http-response replace-header to change a header by using a regular expression. Below, we update the Cookie header named JSESSIONID, which was set by the server, with the Secure flag if the client-side connection is ciphered:

frontend www
   bind :80
   acl https ssl_fc
   acl secured_cookie res.cook(JSESSIONID),lower -m sub secure
   http-response replace-header Set-Cookie (.*) \1;\ Secure if https !secured_cookie
   use_backend webservers

We use a regular expression capture group to capture the whole, existing value. Then, we add the new flag to the end, after a semi-colon. This assumes that the server sets up a single cookie. HTTP RFC specifies that the comma , character is a header field delimiter.

Replace part of a header by using a regular expression

Use http-response replace-value to capture part of a header's value by using a regular expression and then replace that part with a new one. In the example below, we insert a Secure flag on each cookie set up by the server:

frontend www
   bind :80
   http-response replace-value Set-Cookie (.*) \1;\ Secure
   use_backend webservers

In cases where a header has multiple values, they are expected to be separated by a comma. HAProxy Enterprise looks for commas and applies the replacement to each value it finds.

Next up

Security