Using HAProxy for transparent forwarding and selective redirection

haproxy

I'm setting up a temporary haproxy instance to help test a new back-end for an iphone app. Instead of having a specially produced app or a jailbreak, my plan is to set up a proxy that all phone data will go through, but have it match host headers and forward them to the new servers that are not yet live. In short, I want haproxy to act like an open proxy, apart from on some specific host names. Matching the host names and forwarding them is working perfectly, but I can't seem to make the open proxy bit work. I'm using a stock haproxy 1.4.18 package on Ubuntu Precise with stock global settings, plus these proxy settings:

frontend myapp
    bind 0.0.0.0:8080
    default_backend passthrough
    acl mydomain hdr_end(Host) .example.com
    use_backend front if mydomain

backend front
    server front 127.0.0.1:80

backend passthrough
    server ???

So the frontend sits on port 8080, defaulting to pushing requests to the passthrough backend. Prior to doing that it checks the acl to see if the request is for a hostname in my domain, and if it is, forwards it to the local app instead.

The problem is with that passthrough backend. I want it to pass on requests directly to the requested host, not to a local end point. The config I've put there won't work, but I don't know what it should say. For example if I do a request for http://www.serverfault.com, it wouldn't match my ACL, so I'd want it forwarded directly to serverfault, not to a local server. I'm not sure what directive will do this in a backend, or whether there is some frontend directive that will do it. It's more or less a no-op as far as the proxy is concerned.

(Yes I know that open proxies are bad; this is a temporary testing configuration, running interactively for only a few minutes at a time)

Update: I've found option http_proxy does exactly what I need, apart from that it doesn't do DNS lookups, only explicit IPs, so a backend like this is nearly there:

backend passthrough
    option http_proxy
    option httpclose

I know I probably could use something else, but I just happen to really like haproxy!

Best Answer

There is no way to configure haproxy to do this for you. The backend servers in haproxy have to be explicitly named.

Couldn't you instead just use a dedicated DNS server to direct the phone to the correct server?

Related Topic