Inconsistent Behavior of request-capture with hdr() in HAProxy ConfigMap #729
Description
When following the documentation and setting the following in the ConfigMap:
request-capture: |
hdr(user-agent)
hdr(referer)
The resulting haproxy.cfg includes lines like:
http-request capture hdr(user-agent) len 256 if { var(txn.path_match) -m dom xxxxxxxx }
http-request capture hdr(referer) len 256 if { var(txn.path_match) -m dom xxxxxxx }
However, the use of hdr() leads to incorrect log entries because it splits header values at commas. This behavior is not well-documented and was previously identified in haproxy/haproxy#796
As a result, the User-Agent log appears truncated or malformed. For example:
x.x.x.x - - [11/Jul/2025:12:30:55 +0000] "POST https://example.com HTTP/2.0" 200 431 "https://referer" "like Gecko) Chrome/138.0.0.0 Mobile Safari/537.36"
This is the same issue described in haproxy/haproxy#794 (comment) where the header gets cut off due to internal comma handling.
To obtain correct log output, I had to replace the above with:
frontend-config-snippet: |
capture request header Referer len 128
capture request header User-Agent len 128
However, this is not supported via the request-capture field, which is currently the documented and suggested approach.
My suggestions
To avoid misleading configurations and broken logs for other users:
- Allow full header capture using
request-capture: header user-agentthat maps to the correctcapture request headerdirective rather thanhttp-request capture. - Alternatively, introduce a dedicated ConfigMap field for raw
capture requestusage. - In either case, update the documentation to warn users about hdr() behavior with comma-separated headers like
User-Agent.
This issue is easy to overlook but significantly impacts observability, and many users are likely to follow the current (broken) example in the documentation.