1

I am trying to get the equivalent of the nginx passthrough where a user would see my website url in the address bar but get all the content to be proxied from another website.

At the moment the code below redirects the user to example2 by returning a 304, instead of proxying the traffic.

I need it to work with http (not tcp) because I need this as part of an AB test where I need to inspect the cookies. Please check the comments on the code below for what I am trying to do.

```
defaults
        mode http
        log global
        option httplog
        log 127.0.0.1 local0
        timeout connect 5000ms
        timeout client 50000ms
        timeout server 50000ms

listen  http
        bind 127.0.0.1:8080

        acl set_cookie path_beg /set-cookie

        use_backend b-backend if { req.cook(SITEID) -m beg b-backend }
        use_backend b-backend if set_cookie

        default_backend ab-split-backend

backend a-backend
        option forwardfor
        server example1 example1.com:443 check maxconn 3000 inter 30s

backend b-backend
        cookie SITEID insert
        option http_proxy
        # how do I get example2 to passthrough and not 304 redirect?
        server example2 example2.com:443 check maxconn 3000 inter 30s

backend ab-split-backend
        balance roundrobin
        cookie SITEID insert indirect nocache maxlife 48h

        # how do I get example2 to passthrough?
        server example2 example2.com:443 weight 50 cookie b-backend

        server example1 example1.com:443 weight 50 cookie a-backend
```

Ryan
  • *"a user would see my website in the address bar but get all the content to be proxied from yahoo.com"* is almost certainly a violation of their acceptable use policy. – Michael - sqlbot Feb 08 '19 at 16:27
  • This is just an example, I want to serve my own website from CDN – Ryan Feb 09 '19 at 12:22
  • Unfortunately, your example is so discrepant from your scenario that it is difficult to determine what you are trying to do. If this proxy were actually deployed at yahoo.com, the requests coming into the proxy would already have `Host: yahoo.com` which is what their backend would expect. Your current setup will be sending yahoo's server `Host: my-proxy.example.com` which it isn't going to accept. `http-request set-header Host yahoo.com` in the backend (to match the server host) would fix your test but would likely be incorrect in your real scenario. – Michael - sqlbot Feb 09 '19 at 16:57
  • 1
    Please consider editing the question and using one or more of the standard http://example.com http://example.net http://example.org domains, with descriptive subdomains that explain each host's actual role, e.g. `alternate-backend-1.example.com:80`. – Michael - sqlbot Feb 09 '19 at 17:01

2 Answers

2

HTTP 304 is not really a redirect, it is an empty response indicating Not Modified which tells the client that the server would have responded with a 200 and served the content, but the requested asset has not changed, so the client can just use what it has cached.

So I'm not entirely sure what you're seeing is incorrect behavior. That is, your requests may be being passed through just fine, and the backend server may be correctly responding with a 304.

The server makes the decision to respond with this code based on information provided in the request headers If-Modified-Since and/or If-None-Match. So if you really want to disable this caching mechanism and ensure a complete 200 response every time, you can instruct HAProxy to delete these headers from the incoming request:

```
listen  http
        bind 127.0.0.1:8080

        acl set_cookie path_beg /set-cookie

        # Delete headers related to caching
        http-request del-header If-Modified-Since
        http-request del-header If-None-Match

        use_backend b-backend if { req.cook(SITEID) -m beg b-backend }
        use_backend b-backend if set_cookie

        default_backend ab-split-backend
```

cody
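
The behaviour described in the answer above, as an added example (not code from the answer or from HAProxy): a constructed local origin answers a conditional GET with an empty 304 that carries no `Location` header, and the same request with the two conditional headers stripped gets a full 200. `Origin`, `strip_conditionals`, `fetch`, `demo` and the ETag value are hypothetical names and values chosen for this sketch.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

ETAG = '"v1-constructed"'          # constructed validator for the sample asset
BODY = b"hello from the origin\n"  # constructed response body

class Origin(BaseHTTPRequestHandler):
    """Stand-in origin that honours If-None-Match the way a typical web server does."""
    def do_GET(self):
        if self.headers.get("If-None-Match") == ETAG:
            self.send_response(304)  # Not Modified: empty reply, not a redirect
            self.send_header("ETag", ETAG)
            self.end_headers()
            return
        self.send_response(200)
        self.send_header("ETag", ETAG)
        self.send_header("Content-Length", str(len(BODY)))
        self.end_headers()
        self.wfile.write(BODY)

    def log_message(self, *args): pass  # keep the demo quiet

def strip_conditionals(headers):
    """Mimic `http-request del-header` for the two headers named in the answer."""
    drop = {"if-modified-since", "if-none-match"}
    return {k: v for k, v in headers.items() if k.lower() not in drop}

def fetch(port, headers):
    """Return (status, Location header, body length) for GET / on localhost."""
    conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request("GET", "/", headers=headers)
    resp = conn.getresponse()
    body = resp.read()
    conn.close()
    return resp.status, resp.getheader("Location"), len(body)

def demo():
    with HTTPServer(("127.0.0.1", 0), Origin) as server:  # port 0: any free port
        threading.Thread(target=server.serve_forever, daemon=True).start()
        port = server.server_address[1]
        cached = {"If-None-Match": ETAG}  # what a browser holding a cached copy sends
        try:
            return fetch(port, cached), fetch(port, strip_conditionals(cached))
        finally:
            server.shutdown()

if __name__ == "__main__":
    print(demo())
```
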
0

It looks like what you are trying to do is keep your system from trying to pass it through via SSL and instead do clear text based assessments for testing purposes. I would recommend seeing a snippet from my config below on http-request redirects and also look into HAProxy schemes. I would also recommend seeing the additional example for instance based redirection, specifically for a dictated location, that way you don't unencrypt traffic accidentally that you want to remain encrypted.

As for the information proxied from another location, your best bet for that would be with using Cloudflare, especially if you are looking for some form of DDoS/additional layers of security. The alternative is building your own custom anti-DDoS Solution, which is a major pain.

```
frontend ALL
 bind   *:80
 bind   *:443 alpn h2,http/1.1 ssl crt /etc/haproxy/certs/eduarmor.com.pem
 http-request redirect scheme https code 301 if !{ ssl_fc }
 http-request redirect code 301 location http://www.%[hdr(host)]%[capture.req.uri] if { hdr(Host) -i eduarmor.com }
 mode   http
```

Fallenour