From 3593d77bba87a7c2150a735b6514b5081d6cab13 Mon Sep 17 00:00:00 2001
From: AnsibleGuy <guy@ansibleguy.net>
Date: Mon, 2 Sep 2024 20:26:04 +0200
Subject: [PATCH] hide basic-auth headers for backends

---
 templates/etc/haproxy/conf.d/backend.cfg.j2 | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/templates/etc/haproxy/conf.d/backend.cfg.j2 b/templates/etc/haproxy/conf.d/backend.cfg.j2
index 410913b..afd3c8e 100644
--- a/templates/etc/haproxy/conf.d/backend.cfg.j2
+++ b/templates/etc/haproxy/conf.d/backend.cfg.j2
@@ -35,6 +35,10 @@ backend {{ name }}
 {%     include "inc/security.j2" %}
 {%     if cnf.basic_auth.plaintext | bool and cnf.basic_auth.users | length > 0 %}
     http-request auth unless { http_auth(basic_auth_{{ name }}) }
+    http-request del-header X-User
+    http-request del-header X-Auth
+    http-request del-header X-Auth-Type
+    http-request del-header Authorization
 {%     endif %}
 {%   endif %}
 {%   if cnf.mode == 'tcp' %}