User agent in in Rancher healthcheck request

I log all my incoming requests and their corresponding outgoing responses. I use Rancher for provisioning and container management and the infrastructure service healthcheck is configured to do health-check requests to each of my running applications every 2 sec, which means that there’s huge amount of redundant logs. Nevertheless, I don’t want to completely filter out /health-check endpoind requests, because the endpoint is publicly open. I want to filter out only the ones coming from Rancher’s healthcheck service.

The problem is that the request headers only contain an IP, and that’s unreliable. I was thinking of filtering out by user-agent, but the headers don’t have that. Any ideas how to recognize health-check requests from the Rancher internal service?

It is possible to send arbitrary headers like user-agent in HAProxy but not exposed in the UI. Query param in the request with a certain name/value that is unlikely to conflict with anything else?

I would rather prefer to do it through headers because of the way the framework I use for my apps handles GET requests. But I am not sure I understood how to set up arbitrary headers. Is it smth I should configure in the API file of the each healthcheck service container or in the rancher-compose.yml for my service or?

Basically the request line isn’t escaped and allows newlines, so you can put \r\nUser-Agent: foo into it.

1 Like