问题
The server is receiving thousands of OPTIONS requests due to CORS (Cross-Origin Resource Sharing). Right now, every options request is being sent to one of the servers, which is a bit wasteful, knowing that HAProxy can add the CORS headers itself without the help of a web server.
frontend https-in
...
use_backend cors_headers if METH_OPTIONS
...
backend cors_headers
rspadd Access-Control-Allow-Origin:\ https://www.example.com
rspadd Access-Control-Max-Age:\ 31536000
However for this to work I need to specify at least one live server in cors_headers backend and that server will still receive the requests.
How can I handle the request in the backend without specifying any servers? How can I stop the propagation of the request to servers, while sending the response to the browser and keeping the connection alive?
回答1:
The only way to do this is in the HAProxy 1.5.14 is by manually triggering the 503 error (no servers available to handle the request) and setting the error page to the file with custom CORS headers.
backend cors_headers
errorfile 503 /path/to/custom/file.http
The file.http
should contain the desired headers and 2 empty lines at the end
HTTP/1.1 200 OK
Access-Control-Allow-Origin: https://www.example.com
Access-Control-Max-Age: 31536000
Content-Length: 0
Cache-Control: private
<REMOVE THIS LINE COMPLETELY>
This "method" has a couple of limitations:
- there is no way to check the origin before sending the CORS headers, so you will either have to have a static list of allowed origins or you will have to allow all origins
lack of dynamic headers: you can't do
http-response set-header Date %[date(),http_date]
or set Expires
header.
Note: if you are updating the HTTP file dynamically over time, to apply the changes to the HAProxy you will have to restart it. It can be a graceful restart or a hard restart, in either case the new file will be loaded, cached and served immediately.
来源:https://stackoverflow.com/questions/26556838/how-to-send-a-response-with-haproxy-without-passing-the-request-to-web-servers