• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

HAProxy [WARNING] (4900) : parsing [/var/etc/haproxy/haproxy.cfg:...] : a 'http-request' rule placed after a 'redirect' rule will still be processed before.

Scheduled Pinned Locked Moved Cache/Proxy
1 Posts 1 Posters 489 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    michaelschefczyk
    last edited by Mar 20, 2022, 11:23 AM

    Dear All,

    To redirect http to https, I am using a http frontend containing an advanced pass thru "redirect scheme https code 301 if !{ ssl_fc }". Since some time, I always get "[WARNING] (4900) : parsing [/var/etc/haproxy/haproxy.cfg:...] : a 'http-request' rule placed after a 'redirect' rule will still be processed before." when this is active.

    I assume the reason is the fix against CVE-2021-40346 which added the following lines to http frontends:

    http-request  deny if { req.hdr_cnt(content-length) gt 1 }
http-response deny if { res.hdr_cnt(content-length) gt 1 }

    Is this correct and should I just ignore the warning? Is there better practice to redirect http to https? If not, can the warning be suppressed in a future version so that not everyone using this needs to think through this?

    Thanks & regards

    Michael Schefczyk

    1 Reply Last reply Reply Quote 0
    1 out of 1
    • First post
      1/1
      Last post
    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
      This community forum collects and processes your personal information.
      consent.not_received