Howto write apache ProxyPass* rules in HAProxy

Apache mod_proxy

Apache webserver is a widely deployed modular web server.
One of its module is called mod_proxy. It aims to turn the web server into a proxy / reverse proxy server with load-balancing capabilities.

At HAProxy Technologies, we only use HAProxy :). Heh, what else ???
And during some deployments, customers ask us to migrate Apache mod_proxy configuration into HAProxy.
Present article explains how to translate ProxyPass related rules.

ProxyPass, ProxyPassReverse, etc…

Apache mod_proxy defines a few directives which let it forward traffic to a remote server.
They are listed below with a short description.

Note: I know the directives introduced in this article could be used in much complicated ways.


ProxyPass maps local server URLs to remote servers + URL.
It applies on traffic from client to server.

For example:

ProxyPass /mirror/foo/

This makes the external URL to be translated and forwarded to a remote server this way:

This directive makes apache to update URL and headers to match both external traffic to internal needs.


ProxyPassReverse Adjusts the URL in HTTP response headers sent from a reverse proxied server. It only updates Location, Content-Location and URL.
It applies to traffic from server to client.

For example:

ProxyPassReverse /mirror/foo/

This directive makes apache to adapt responses generated by servers following internal urls to match external urls.


ProxyPassReverseCookieDomain adjusts the Set-Cookie header sent by the server to match external domain name.

It’s usage is pretty simple. For example:

ProxyPassReverseCookieDomain internal-domain public-domain


ProxyPassReverseCookiePath adjusts the Set-Cookie header sent by the server to match external path.

It’s usage is pretty simple. For example:

ProxyPassReverseCookiePath internal-path public-path

Configure ProxyPass and ProxyPassReverse in HAProxy

Bellow, an example HAProxy configuration to make HAProxy work the same way as apache ProxyPass and ProxyPassReverse configuration. It should be added in the backend section while the frontend ensure that only traffic matching this external URL would be redirected to that backend.

frontend ft_global
 acl    req.hdr(Host)
 acl path_mirror_foo path -m beg   /mirror/foo/
 use_backend bk_myapp if path_mirror_foo

backend bk_myapp
# external URL                  => internal URL
# =>

 # ProxyPass /mirror/foo/
 http-request set-header Host
 reqirep  ^([^\ :]*)\ /mirror/foo/(.*)     \1\ /\2

 # ProxyPassReverse /mirror/foo/
 # Note: we turn the urls into absolute in the mean time
 acl hdr_location res.hdr(Location) -m found
 rspirep ^Location:\ (https?://[0-9]+)?)?(/.*) Location:\ /mirror/foo\3 if hdr_location

 # ProxyPassReverseCookieDomain
 acl hdr_set_cookie_dom res.hdr(Set-cookie) -m sub Domain=\
 rspirep ^(Set-Cookie:.*)\ Domain=\*) \1\ Domain=\\2 if hdr_set_cookie_dom

 # ProxyPassReverseCookieDomain / /mirror/foo/
 acl hdr_set_cookie_path res.hdr(Set-cookie) -m sub Path=\ 
 rspirep ^(Set-Cookie:.*)\ Path=\ (.*) \1\ Path=\ /mirror/foo\2 if hdr_set_cookie_path

  * http to https redirect rules should be handled by HAProxy itself and not by the application server (to avoid some redirect loops)


About Baptiste Assmann

Aloha Product Manager HAProxy consultant
This entry was posted in HAProxy and tagged , . Bookmark the permalink.

4 Responses to Howto write apache ProxyPass* rules in HAProxy

  1. Pav says:


    There seem to be a few mistakes in your cookie rewrites:
    res.hdr(Set-cookie) should be res.hdr(Set-Cookie)
    Domain:\ should be

    Likewise Path:\ should be \ Path=

    Otherwise it was very helpful.


  2. Pav says:

    Also a lot of cookies do not use capitals in domain and path settings, so the regexes should account for both cases,



Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s