diff --git a/docs/deployment/supported-proxies/haproxy.md b/docs/deployment/supported-proxies/haproxy.md
index 52cab97c1..71ea37456 100644
--- a/docs/deployment/supported-proxies/haproxy.md
+++ b/docs/deployment/supported-proxies/haproxy.md
@@ -94,7 +94,7 @@ frontend fe_http
     http-request set-var(req.scheme) str(http) if !{ ssl_fc }
     http-request set-var(req.questionmark) str(?) if { query -m found }
    
-    # Headers to construct redirection URL
+    # Required headers
     http-request set-header X-Real-IP %[src]
     http-request set-header X-Forwarded-Proto %[var(req.scheme)]
     http-request set-header X-Forwarded-Host %[req.hdr(Host)]
@@ -107,7 +107,7 @@ frontend fe_http
     # Authelia backend route
     use_backend be_authelia if host-authelia
     # Redirect protected-frontends to Authelia if not authenticated
-    use_backend be_authelia if protected-frontends !{ var(txn.auth_response_successful) -m bool }
+    http-request redirect location https://auth.example.com/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
     # Service backend route(s)
     use_backend be_nextcloud if host-nextcloud
 
@@ -151,7 +151,7 @@ frontend fe_http
     http-request set-var(req.scheme) str(http) if !{ ssl_fc }
     http-request set-var(req.questionmark) str(?) if { query -m found }
    
-    # Headers to construct redirection URL
+    # Required headers
     http-request set-header X-Real-IP %[src]
     http-request set-header X-Forwarded-Proto %[var(req.scheme)]
     http-request set-header X-Forwarded-Host %[req.hdr(Host)]
@@ -164,7 +164,7 @@ frontend fe_http
     # Authelia backend route
     use_backend be_authelia if host-authelia
     # Redirect protected-frontends to Authelia if not authenticated
-    use_backend be_authelia if protected-frontends !{ var(txn.auth_response_successful) -m bool }
+    http-request redirect location https://auth.example.com/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
     # Service backend route(s)
     use_backend be_nextcloud if host-nextcloud
 
diff --git a/internal/suites/example/compose/haproxy/haproxy.cfg b/internal/suites/example/compose/haproxy/haproxy.cfg
index 872ec577a..f05bce6cd 100644
--- a/internal/suites/example/compose/haproxy/haproxy.cfg
+++ b/internal/suites/example/compose/haproxy/haproxy.cfg
@@ -39,7 +39,7 @@ frontend fe_http
     # does not know how to handle it (see https://github.com/TimWolla/haproxy-auth-request/issues/12).
     http-request lua.auth-request be_auth_request /api/verify if protected-frontends
 
-    http-request redirect location https://login.example.com:8080 if protected-frontends !{ var(txn.auth_response_successful) -m bool }
+    http-request redirect location https://login.example.com:8080/?rd=%[var(req.scheme)]://%[base]%[var(req.questionmark)]%[query] if protected-frontends !{ var(txn.auth_response_successful) -m bool }
 
     use_backend be_authelia if host-authelia-portal api-path
     use_backend fe_authelia if host-authelia-portal !api-path
@@ -51,13 +51,13 @@ backend be_authelia
     server authelia-backend authelia-backend:9091 ssl verify none
 
 backend be_auth_request
-  mode http
-  server proxy 127.0.0.1:8085
+    mode http
+    server proxy 127.0.0.1:8085
 
 listen be_auth_request_proxy
-  mode http
-  bind 127.0.0.1:8085
-  server authelia-backend authelia-backend:9091 ssl verify none
+    mode http
+    bind 127.0.0.1:8085
+    server authelia-backend authelia-backend:9091 ssl verify none
 
 backend fe_authelia
     server authelia-frontend authelia-frontend:3000