HAProxy config tutorials

HTTP redirects

Use the http-request redirect configuration directive to reroute HTTP traffic. These send back an HTTP redirect response to the client and then the client makes a new request to the new resource. When performing a redirection, the load balancer responds directly to the client. It does not forward any traffic to the server.

Redirect traffic to a location Jump to heading

Use http-request redirect location to replace the entire location of a URL. Below, we append a www subdomain in front of all URLs that do not have it. To specify the HTTP status code to return, set the code parameter with any of the following values:

Code Description
301 Permanent move
302 Temporary move; should not be cached by the client. This is the default value if no code is configured.
303 Similar to 302, but the browser must fetch the new location using a GET
307 Similar to 302, but the browser must reuse the same method as the one from the original request
308 Similar to 301, but the browser must reuse the same method as the one from the original request
haproxy
frontend www
bind :80
acl has_www hdr_beg(host) -i www
http-request redirect code 301 location http://www.%[hdr(host)]%[capture.req.uri] unless has_www
default_backend webservers
haproxy
frontend www
bind :80
acl has_www hdr_beg(host) -i www
http-request redirect code 301 location http://www.%[hdr(host)]%[capture.req.uri] unless has_www
default_backend webservers

Redirect traffic using a prefix Jump to heading

Use http-request redirect prefix to add a prefix to the URL’s location. Below, we prefix all URLs with /api/v2/ if they don’t have it. You do not need to end the prefix with a slash. One will be added to the end of the prefix automatically.

haproxy
frontend www
bind :80
acl begins_with_api path_beg /api/v2/
http-request redirect code 301 prefix /api/v2 unless begins_with_api
default_backend webservers
haproxy
frontend www
bind :80
acl begins_with_api path_beg /api/v2/
http-request redirect code 301 prefix /api/v2 unless begins_with_api
default_backend webservers

Redirect the scheme Jump to heading

Use http-request redirect scheme to redirect to a different scheme, such as from http:// to https://. In the following example, we redirect all HTTP traffic to HTTPS:

haproxy
frontend www
bind :80
bind :443 ssl crt /ssl.pem
http-request redirect scheme https unless { ssl_fc }
default_backend webservers
haproxy
frontend www
bind :80
bind :443 ssl crt /ssl.pem
http-request redirect scheme https unless { ssl_fc }
default_backend webservers

The Location header is built by concatenating the following elements in this order:

  • the scheme (e.g. https) provided by the directive
  • ://
  • the first occurrence of the Host header
  • the URL

Info

Even with the redirect, there is still a chance that a man-in-the-middle attack can occur. To prevent this attack, consider using the http-response set-header Strict-Transport-Security directive. For details, see HTTP Strict Transport Security.

See also Jump to heading

Do you have any suggestions on how we can improve the content of this page?