Raymii.org
Quis custodiet ipsos custodes?Home | About | All pages | Cluster Status | RSS Feed
haproxy: add strict transport security or any other http header
Published: 11-12-2013 | Author: Remy van Elst | Text only version of this article
❗ This post is over eleven years old. It may no longer be up to date. Opinions may have changed.
This snippet shows you how to add a header to a haproxy response, for example, the HSTS header (http strict transport security).
This snippet was tested on haproxy 1.5.
Recently I removed all Google Ads from this site due to their invasive tracking, as well as Google Analytics. Please, if you found this content useful, consider a small donation using any of the options below:
I'm developing an open source monitoring app called Leaf Node Monitoring, for windows, linux & android. Go check it out!
Consider sponsoring me on Github. It means the world to me if you show your appreciation and you'll help pay the server costs.
You can also sponsor me by getting a Digital Ocean VPS. With this referral link you'll get $200 credit for 60 days. Spend $25 after your credit expires and I'll get $25!
This for example can be used when haproxy is used for ssl offloading and you want to offer hsts, while the backends not support it.
The following config is required in a frontend
section:
frontend example-frontend
reqadd X-Forwarded-Proto:\ https
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
default_backend example-backend
The important part is:
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
This adds the header to every response haproxy sends to a client.
More Info: http://cbonte.github.io/haproxy- dconv/configuration-1.5.html#rspadd
Tags: apache , haproxy , hsts , loadbalancer , network , snippets , ssl