About Header manipulation
As the ALERT message say you ca n’t use request header in the response. You should replace the follow line .
faulty line

http-response set-header X-Target  %[req.hdr(Host)]

right Line

http-request set-header X-Target  %[req.hdr(Host)]

The Backend-Server should not remove this header. If you not want to send the Backend-Server the ‘X-Target ‘ server header then can you use a session varying to save the host header from the request to the reply phase .

http-request set-var(txn.my_host) req.hdr(host),lower
http-response set-header X-Target %[var(txn.my_host)]

In the software documentation are the set-var and set-header directing quite adept explained.
hypertext transfer protocol : //cbonte.github.io/haproxy-dconv/1.8/configuration.html # 4-http-request
About the server manipulation
This note could not work because haproxy tries to resolve the aim waiter at start clock .

server web-servers site.%[req.hdr(Host),regsub(^www.,,)]:80 check

In newer version of haproxy. like 2.1, can you dynamically resolve and set the address hosts.
hypertext transfer protocol : //cbonte.github.io/haproxy-dconv/2.1/configuration.html # 4.2-http-request % 20do-resolve

I assume you want to change the host heading for the target server that the right field virtual server is used.
My trace to solve your issue is to change the horde header and set the server name to a resolvable address .

backend backend-default
  option forwardfor

  http-response set-header X-Publishing-system website

  http-request set-header X-Target %[req.hdr(Host)]

  http-request replace-header Host ^www(.*) site.\1
  http-request set-header X-NewTarget %[req.hdr(Host),regsub(^www.,,)]

  server web-servers  site.example.com:80 check

This backend config is only syntax checked .
About dynamic backend server
The server should be resolved dynamically. For that solution is at least HAProxy 2.0 necessity .
I copy here some parts of the department of commerce http-request do-resolve for this answer.

You will need to add a section resolvers to your config

resolvers mydns
  # use here your prefered DNS Servers
  nameserver local 127.0.0.53:53
  nameserver google 8.8.8.8:53
  timeout retry   1s
  hold valid 10s
  hold nx 3s
  hold other 3s
  hold obsolete 0s
  accepted_payload_size 8192

frontend frontend-http

  bind *:80
  bind *:443

  # define capture buffer for backend
  declare capture request len 60

  acl redirect path_beg -i /rd
  use_backend backend-tracking if redirect

  default_backend backend-default

# ... some more backends

backend backend-default
  option forwardfor

  http-response set-header X-Publishing-system website

  http-request set-header X-Target %[req.hdr(Host)]

  # replace www with site in host header
  http-request replace-header Host ^www(.*) site.\1

  # if necessary set X-NewTarget header
  http-request set-header X-NewTarget %[req.hdr(Host),regsub(^www.,,)]

  # do dynamic host resolving for dynamic 
  # server destination for 
  # the replaced Host Header above 
  http-request do-resolve(txn.myip,mydns,ipv4) hdr(Host),lower

  # print the resolved IP in the log
  http-request capture var(txn.myip) id 0

  # rule to prevent HAProxy from reconnecting to services
  # on the local network (forged DNS name used to scan the network)
  # add the IP Range for the destination host here
  http-request deny if { var(txn.myip) -m ip 127.0.0.0/8 10.0.0.0/8 }
  http-request set-dst var(txn.myip)

  server clear 0.0.0.0:0

Please take care about the note in the documentation
NOTE: Don’t forget to set the “protection” rules to ensure HAProxy won’t be used to scan the network or worst won’t loop over itself…

Leave a Reply

Your email address will not be published.