Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to send a response with HAProxy without passing the request to web servers

Tags:

http

cors

haproxy

The server is receiving thousands of OPTIONS requests due to CORS (Cross-Origin Resource Sharing). Right now, every options request is being sent to one of the servers, which is a bit wasteful, knowing that HAProxy can add the CORS headers itself without the help of a web server.

frontend https-in
    ...
    use_backend cors_headers if METH_OPTIONS
    ...

backend cors_headers
    rspadd Access-Control-Allow-Origin:\ https://www.example.com
    rspadd Access-Control-Max-Age:\ 31536000

However for this to work I need to specify at least one live server in cors_headers backend and that server will still receive the requests.

How can I handle the request in the backend without specifying any servers? How can I stop the propagation of the request to servers, while sending the response to the browser and keeping the connection alive?

like image 565
Xeos Avatar asked Oct 24 '14 21:10

Xeos

People also ask

What port does HAProxy listen on?

This is the IP address that HAProxy listens on, which is normally the localhost specified by IP address: 127.0. 0.1. This is the port that HAProxy listens on, which is normally 85.

What is active HA proxy service?

HAProxy (High Availability Proxy) is open source proxy and load balancing server software. It provides high availability at the network (TCP) and application (HTTP/S) layers, improving speed and performance by distributing workload across multiple servers.

1 Answers

Edit for HAProxy 2.2 and above: In case you need to support a whitelist of origins, Lua scripts can now generate the entire response without having to pass the request to the backend server. Sample Lua script with simple integration instructions can be found here: https://github.com/haproxytech/haproxy-lua-cors

The only way to do this is in HAProxy 1.5.14 is by manually triggering the 503 error (no servers available to handle the request) and setting the error page to the file with custom CORS headers.

backend cors_headers
    errorfile 503 /path/to/custom/file.http

The file.http should contain the desired headers and 2 empty lines at the end

HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://www.example.com
Access-Control-Max-Age: 31536000
Content-Length: 0
Cache-Control: private


<REMOVE THIS LINE COMPLETELY>

This "method" has a couple of limitations:

  • there is no way to check the origin before sending the CORS headers, so you will either have to have a static list of allowed origins or you will have to allow all origins

  • lack of dynamic headers: you can't do

    http-response set-header Date %[date(),http_date]

or set Expires header.

Note: if you are updating the HTTP file dynamically over time, to apply the changes to the HAProxy you will have to restart it. It can be a graceful restart or a hard restart, in either case the new file will be loaded, cached and served immediately.

like image 66
Xeos Avatar answered Sep 28 '22 02:09

Xeos
Sign in to Comment

Related questions

Enable HTTPS in jenkins?
REST response - should I put the URL of the new resource in the header, body, or both?
JavaScript cross-domain call: call from HTTP to HTTPS
Access blocked by CORS policy: Response to preflight request doesn't pass access control check
Is it possible to use HttpBrowserCapabilities from a c# console application?
What is the most robust HTTP library for android? [closed]
Can curl be used to mimic a persistent (but idle) open connection
Maximum default POST request size of IIS 7 - how to increase 64kB/65kB limit?
Shall I use the Content-Security-Policy HTTP header for a backend API?
Proxy Check in python
How to programmatically access web page in java
Rest api design: POST to create with duplicate data, would-be IntegrityError/500, what would be correct?
IE 11 sends different User-Agent header to different subdomains
Express.JS: how can I set response status by name rather than number?
Update an entire resource collection in a REST way
Is there a more user friendly alternative to Net::HTTP for interacting with REST APIs?
Absolute (full) URLs without "http:" in HTML href
HTTP status code for overloaded server
Is there a real server push over http?
HTTP: POST request receives a 302, should the redirect-request be a GET?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!