Searching HAProxy Enterprise 1.7r2
Handling Content with Response Body Injection (RBI)
The Response Body Injection (RBI) module provides a filter that allows you to manipulate an HTML document received in an HTTP response from a backend server.
It can insert content into any of the following HTML elements:
html
head
title
body
Install the RBI module
-
Install the RBI module as follows, depending on your platform:
apt install hapee-1.7r2-lb-htmldomor
yum install hapee-1.7r2-lb-htmldom -
In the
globalsection of your HAProxy configuration file, add the following line:module-load hapee-lb-htmldom.so
Configure the RBI module
-
Add a
filter htmldomdirective to alisten,frontend, orbackendsection to begin injecting content.The following example replaces HTTP with HTTPS.
Add this line to a frontend to replace HTTP links with HTTPS links. This occurs in JavaScript as this module isn't yet capable of arbitrarily modifying body contents. You can also modify it to change domain names or similar:
filter htmldom mode strict head-append '<script type="text/javascript" defer="defer">window.addEventListener("load", function() {var alinks = document.getElementsByTagName("a");var acount = alinks.length;for (var i=0; i < acount; i++) {alinks[i].href = alinks[i].href.replace("http://","https://");}})</script>'It injects the following markup into the
headof the HTML document, which replaces http:// with https:// in links:<script type="text/javascript" defer="defer"> window.addEventListener("load", function() { var alinks = document.getElementsByTagName("a"); var acount = alinks.length; for (var i=0; i < acount; i++) { alinks[i].href = alinks[i].href.replace("http://","https://"); } }) </script>
When RBI automatically opts out
The RBI filter automatically deactivates under certain conditions. These are conditions when:
The request method is
HEADBoth request and response are HTTP/1.1, but the
Transfer-Encodingheader value is notchunkedandContent-Lengthis unknownThe response contains compressed content (i.e. the
Content-Encodingheader is present)The response contains the
no-transformvalue in theCache-Controlheader (no transformations or conversions can happen)the
Content-Typeheader value is other thantext/html
How RBI modifies responses
The filter also modifies the response in the following ways:
To ensure that the response does not get compressed, the filter removes all occurrences of the
Accept-Encodingheader from the incoming request.In order to modify the response, the filter removes all occurrences of the
Content-Lengthheader. If the message is HTTP/1.1 or above, it sets theTransfer-Encodingheader is set tochunked.
Note
When you insert a large amount of content into a response, it is important to set tune.bufsize to the appropriate size.
Filter parameters
The filter htmldom directive instructs HAProxy to inject content into an HTML document. You can declare it only once for each proxy section. Its syntax is:
filter htmldom [mode <mode>] <action> <content>
where:
Directive | Description | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sets the HTML parser in either of these modes:
| ||||||||||||||||
| Identifies the HTML element in which to inject new content. It applies to the first matching element. Valid actions are:
| ||||||||||||||||
| The HTML content to inject into the response from a server. It is a |
Precautions and troubleshooting
You can only use one
htmldomfilter per listener/frontend/backend.Due to the current limitation of the filter's implementation, we do not recommended that you use this filter in combination with other filters that modify the response on the same listener/frontend/backend. Using them can cause undefined behavior (such as compression filter).
If you encounter problems with the response body manipulation, check HAProxy logs. The RBI filter logs problems related to the buffer operations, such as initialization and manipulation.