Haproxy-devel (0.27): tcp-request rule after reqadd rules
-
Hi everyone,
since our last update (to haproxy-devel 0.27), we're getting multiple warnings on applying haproxy-rules.
[WARNING] 216/165751 (67472) : parsing [/var/etc/haproxy/haproxy.cfg:57] : a 'tcp-request' rule placed after a 'reqadd' rule will still be processed before
...
[WARNING] 216/165751 (67472) : parsing [/var/etc/haproxy/haproxy.cfg:144] : a 'tcp-request' rule placed after a 'reqadd' rule will still be processed before.
Here's a snippet of our config:
...
reqadd X-Forwarded-Proto:\ https if https
reqadd X-Forwarded-Proto:\ http if !https
stick-table type ip size 1m expire 30s store gpc0,http_req_rate(10s),conn_cur,conn_rate(3s)
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection accept if { src m.n.o.p }
tcp-request connection track-sc1 src
tcp-request connection reject if { src_get_gpc0(frontend) gt 10 }
tcp-request connection reject if { src_conn_cur gt 40 }
tcp-request connection reject if { src_conn_rate gt 40 }
...
As you can see, these two reqadd X-Forwarded-Proto rules appear before the tcp-request rules and cause the warnings.
My question is now: what settings add these reqadd X-Forwarded-Proto rules?
Is there a way to skip these settings and instead add those rules manually into the Advanced pass thru field?
Best regards
Thomas
-
It's part of the "Use 'forwardfor' option" on the frontend. It creates rules like these:
option forwardfor
acl https ssl_fc
reqadd X-Forwarded-Proto:\ http if !https
reqadd X-Forwarded-Proto:\ https if https
Should be possible to add them in the advanced section.
-
Thank you PiBa! It works like a charm!
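
An added example, not part of the original thread and not pfSense or HAProxy code: a small Python check that reproduces the ordering condition behind the warning above by reporting every tcp-request rule written after a reqadd rule in the same section. The function name, the section name "www" and the address 192.0.2.10 are constructed for illustration, and comment handling is simplified to cutting each line at the first "#".

```python
import re

# Keywords that open a new section in haproxy.cfg.
SECTION = re.compile(r"^(global|defaults|frontend|backend|listen)\b")

def misplaced_tcp_request(cfg_text):
    """Return (tcp_request_line, first_reqadd_line) for every 'tcp-request'
    rule written after a 'reqadd' rule in the same section."""
    findings = []
    first_reqadd = None  # line number of the first reqadd seen in this section
    for number, raw in enumerate(cfg_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # simplified comment handling
        if not line:
            continue
        if SECTION.match(line):
            first_reqadd = None              # ordering is checked per section
        elif line.startswith("reqadd "):
            if first_reqadd is None:
                first_reqadd = number
        elif line.startswith("tcp-request ") and first_reqadd is not None:
            findings.append((number, first_reqadd))
    return findings

# Constructed sample: same rule order as the config in the thread.
SAMPLE_WARNS = """\
frontend www
    acl https ssl_fc
    reqadd X-Forwarded-Proto:\\ https if https
    reqadd X-Forwarded-Proto:\\ http if !https
    tcp-request connection accept if { src 192.0.2.10 }
    tcp-request connection track-sc1 src
    tcp-request connection reject if { src_conn_cur gt 40 }
"""

# Constructed sample: same rules, tcp-request rules written before reqadd.
SAMPLE_CLEAN = """\
frontend www
    acl https ssl_fc
    tcp-request connection accept if { src 192.0.2.10 }
    tcp-request connection track-sc1 src
    tcp-request connection reject if { src_conn_cur gt 40 }
    reqadd X-Forwarded-Proto:\\ https if https
    reqadd X-Forwarded-Proto:\\ http if !https
"""

if __name__ == "__main__":
    for name, cfg in (("warns", SAMPLE_WARNS), ("clean", SAMPLE_CLEAN)):
        for tcp_line, reqadd_line in misplaced_tcp_request(cfg):
            print(f"{name}: tcp-request on line {tcp_line} follows reqadd on line {reqadd_line}")
```

Running such a check against the generated haproxy.cfg after moving the reqadd rules shows whether the allow-list and rate-limit rules now appear in the file in the same order in which they are evaluated.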