Backport of bug report #1803001 to 4.3 (from 4.5) for the case I've been assisting. Removes "proto-version" header field from the output since it's not defined in the RFC.
This BZ targets 4.4, sorry about the typo in the first issue comment.
The 4.4 backport is currently blocked pending the cherry-pick-approved label.
The 4.4 backport remains blocked on cherry-pick approval. We'll continue tracking it in the upcoming sprint.
Verified with 4.4.0-0.nightly-2020-06-21-210301 and proto-version has been removed from the template. sh-4.2$ grep proto haproxy-config.template -B1 # See the quoting rules in https://tools.ietf.org/html/rfc7239 for IPv6 addresses (v4 addresses get translated to v6 when in hybrid mode) http-request add-header Forwarded for=\"[%[src]]\";host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] {{- else }} http-request add-header Forwarded for=%[src];host=%[req.hdr(host)];proto=%[req.hdr(X-Forwarded-Proto)] sh-4.2$ grep proto-version haproxy.config sh-4.2$
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:2713