Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    HAProxy [WARNING] (4900) : parsing [/var/etc/haproxy/haproxy.cfg:...] : a 'http-request' rule placed after a 'redirect' rule will still be processed before.

    Scheduled Pinned Locked Moved Cache/Proxy
    1 Posts 1 Posters 490 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      michaelschefczyk
      last edited by

      Dear All,

      To redirect http to https, I am using a http frontend containing an advanced pass thru "redirect scheme https code 301 if !{ ssl_fc }". Since some time, I always get "[WARNING] (4900) : parsing [/var/etc/haproxy/haproxy.cfg:...] : a 'http-request' rule placed after a 'redirect' rule will still be processed before." when this is active.

      I assume the reason is the fix against CVE-2021-40346 which added the following lines to http frontends:

      http-request  deny if { req.hdr_cnt(content-length) gt 1 }
http-response deny if { res.hdr_cnt(content-length) gt 1 }

      Is this correct and should I just ignore the warning? Is there better practice to redirect http to https? If not, can the warning be suppressed in a future version so that not everyone using this needs to think through this?

      Thanks & regards

      Michael Schefczyk

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.