Cannot publish subpages with HAProxy

  • Hello,

    My config is like;

    WAN (> Juniper FW (> HTTP ->MS ISA Server (> (
    WAN (> Juniper FW (> HTTP ->MS ISA Server (> (

    It's very easy to do this with ISA Server but i want to switch Pfsense. So i've installed HAProxy and i can publish ( but couldn't create correct rules for (

    Whenever i go for it goes to instead of, can someone help me how to create a correct config. for this setup?


  • What rules did you make? Can you share the haproxy.cfg ?

  • Sorry cant do that but it wouldnt matter anyway because i have no idea how to write config for subpages. I've searched net whole day but couldn't find single example regarding this subject. So if u guys show me some example configs i think i can figure out the rest.

    I've created two backends pointing port 80 to and Tried a to create a primary frontend with two shared frontends but no idea how to create correct ACL's to get this work.

  • Perhaps look at the native haproxy manual:
    The way they do it for "/images"

    In the haproxy package on pfSense youl need to define an acl to match /images and a usebackend action to then go to the right backend if the acl matches.

  • Has there been any progress on this I am in the same boat..



  • If your in the same boat, then look at the same manual as linked above.. Or ask your question is a separate forum thread and i can try to help you there. Maybe i we can try and learn how to fish, instead of giving you a fish..

  • @PiBa

    Sounds like a plan if i work it out all on my own I will defo update this Thread…  ;D



  • Reading other forums etc.. I have come up with the below config, but it does not seem to work… can anyone point out what might be wrong

    Listen HAProxyLocalStats
    bind name localstats
    mode http
    stats enable
    stats admin if TRUE
    stats uri /haproxy/haproxy_stats.php?haproxystats=1
    timeout client 5000
    timeout connect 5000
    timeout server 5000

    frontend SHFD-merged
    bind XXX.XXX.XXX.XXX:443 name XXX.XXX.XXX.XXX:443 ssl  crt /var/etc/haproxy/SHFD.pem 
    bind name ssl  crt /var/etc/haproxy/SHFD.pem 
    mode http
    log global
    option httplog
    option http-keep-alive
    option forwardfor
    acl https ssl_fc
    http-request set-header X-Forwarded-Proto http if !https
    http-request set-header X-Forwarded-Proto https if https
    timeout client 86400000
    acl AURL path_end -i /Automation
    use_backend Automation_Server_http_ipvANY  if  AURL

    backend Automation_Server_http_ipvANY
    mode http
    log global
    timeout connect 30000
    timeout server 30000
    retries 3
    server AutoMate



  • It looks like youve disabled healthchecking on the server, if you enable it for http, does the server show up 'green' on the stats page? If not some info here:

    Other than that are you sure the path 'ends' on /Automation ? For testing what curl command are you running?

    Does show a (error?)response from the webserver when visited with a browser?

  • Hi PiBa,

    I believe i know what might be wrong but unsure how to fix this… have change the path_end to Path_begins. but also noticed the internal path should be* Correct me if I am wrong like you point out below it requesting the URL to internally

    Do you know the best way of achieving this?



  • on the backend i have added the following line to

    "Backend pass thru"
    reqrep ^([^\ :])\ /Automation/(.)    \1\ /\2

    This seems to work is it possable to drop off the last forward slash / ?