Comments (7)
Note that in 2.1-dev, send-name-header is now performed on the fly at a lower layer in the mux while encoding the request so it will not need to modify headers anymore. That just doesn't tell us what could possibly cause this unreproduceable issue in 1.8.
from haproxy.
We ran into this issue in production as well.
May I strongly suggest updating docs for http-send-name-header
to indicate that option http-buffer-request
is highly recommended?
from haproxy.
Are you able to get a reliable reproducer ? I'm very interested, because I don't see in the code any valid reason for the workaround to be a real fix and I really suspect it makes it harder for the bug to appear. I would really like to be certain to address it. I'm even fine with automatically enabling http-buffer-request when http-send-name-header is set, but for this I need to understand how the bug appears.
So if you manage to take a capture of the client's request or to have a reliable reproducer, I'm all ears open!
from haproxy.
@hellofornow, what is your HAProxy version ? Please, provide the output of haproxy -vv
. A reproducer with a minimal configuration would be the best of course. Thanks.
from haproxy.
HA-Proxy version 1.8.8-1ubuntu0.4 2019/01/24
Copyright 2000-2018 Willy Tarreau <[email protected]>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fdebug-prefix-map=/build/haproxy-Mxbbv4/haproxy-1.8.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Built with OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017
Running on OpenSSL version : OpenSSL 1.1.0g 2 Nov 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Available filters :
[SPOE] spoe
[COMP] compression
[TRACE] trace
I am working on providing a reproduction repo right now (our production environment is now patched -- removed http-send-name-header
)
from haproxy.
Hi,
HAProxy 1.8.8 is one year old. Many bugs were fixed. The version 1.8.20 has been released today. So if you achieve a reproducer with the version 1.8.8, it could be useful to run it against the 1.8.20 too.
from haproxy.
No activity since a while and only reported on a really outdated version now. May be closed
from haproxy.
Related Issues (20)
- Send SPOA message after response to client HOT 4
- HAProxy 2.8.6 built with WolfSSL not working with TLS 1.2 HOT 12
- ssl-default-bind-ciphersuites influencing TLS1.2. HOT 3
- DHE-Ciphers failing silently since 2.6 HOT 1
- Assert failure in ssl_sock_free_ocsp during old process exit HOT 1
- GPL 2.0 License does not align with the the GPL 2.1 License stated in src/event_hdl.c HOT 5
- Long URIs Truncate Logged HTTP Version HOT 9
- When I use filter the HAproxy process is terminated HOT 12
- issue with openssl initialisation order prevent use of security framework configuration for DH-related part HOT 5
- Ability to inherit server properties when using dynamic servers
- 2.9.4: Peers? crash during/after reload HOT 4
- Native asynchronous request mirroring HOT 2
- OCSP Stapling fails when server resolves to IPv6 but only IPv4 connectivity available HOT 2
- QUIC/H3 vs H2 performance difference for large payloads HOT 23
- Logging multiple combined FIX messages HOT 8
- High CPU (possibly stick-tables related) on 2.9.6 HOT 16
- Freezing frontend in state LIM after high load test HOT 4
- Unable to set a carriage return through a variable with http-request return HOT 4
- SPOE requests hanging until processing time is met when doing a reload HOT 2
- Allow preserving abstract namespace sockets address length HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from haproxy.