Skip to content

How to Configure HAProxy http-response Rules

DodaTech Updated 2026-06-24 1 min read

http-response rules modify backend responses before sending to clients. They are essential for adding security headers and hiding backend details. This guide walks through the specific troubleshooting steps to diagnose and resolve http-response issues.

Before You Begin

Before you begin, be sure to have the following in place:

  • A Linux server with the relevant software installed
  • Access to the command line interface
  • Appropriate permissions (root or sudo)

Quick Fix

Wrong

No response header modification (backend headers sent as-is)

Wrong: Backend security headers exposed

http-response set-header X-Frame-Options DENY\nhttp-response set-header X-Content-Type-Options nosniff\nhttp-response del-header Server

Right: Adding security headers and removing server info

Output

HTTP response rules:\n  X-Frame-Options: set to DENY\n  X-Content-Type-Options: set to nosniff\n  Server header: removed

Prevention

To avoid future issues, follow these best practices:

  • Use http-response set-header to add or replace response headers
  • Use http-response del-header to remove headers exposing backend details
  • Use http-response add-header to append values
  • Use http-response redirect for response-based redirects
  • Place security headers in frontend for consistency

DodaTech Tools

For further assistance with any of the above issues, consider using DodaTech consulting services or DodaTech tutorials for more in-depth guidance.

Common Mistakes with http response

  1. Using foldl instead of foldl' causing stack overflow on large lists
  2. Forgetting deriving (Show, Eq) on custom data types needed for debugging
  3. Placing the wildcard pattern first in case expressions, making all subsequent patterns unreachable

These mistakes appear frequently in real-world HAPROXY code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.

Practice Exercise

Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.

This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.

FAQ

What headers should I remove from backend responses?|||Server (hides backend software), X-Powered-By (hides PHP/ASP version), and any internal headers.
Can I conditionally set response headers based on status code? Yes. Use http-response set-header if { status 200 } to target specific response codes.

Built by the developers of DodaTech

Doda Browser, DodaZIP & Durga Antivirus Pro