Skip to main content

Raymii.org Logo (IEC resistor symbol) logo

Quis custodiet ipsos custodes?
Home | About | All pages | RSS Feed | Gopher

haproxy: add strict transport security or any other http header

Published: 11-12-2013 | Author: Remy van Elst | Text only version of this article


Table of Contents


This snippet shows you how to add a header to a haproxy response, for example, the HSTS header (http strict transport security).

This snippet was tested on haproxy 1.5.

If you like this article, consider sponsoring me by trying out a Digital Ocean VPS. With this link you'll get $100 credit for 60 days). (referral link)

This for example can be used when haproxy is used for ssl offloading and you want to offer hsts, while the backends not support it.

The following config is required in a frontend section:

frontend example-frontend
  reqadd X-Forwarded-Proto:\ https
  rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
  default_backend example-backend

The important part is:

rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains

This adds the header to every response haproxy sends to a client.

More Info: http://cbonte.github.io/haproxy- dconv/configuration-1.5.html#rspadd

Tags: apache , haproxy , hsts , loadbalancer , network , snippets , ssl