http-send-name-header is sometimes sent in request data about haproxy HOT 7 CLOSED

Note that in 2.1-dev, send-name-header is now performed on the fly at a lower layer in the mux while encoding the request so it will not need to modify headers anymore. That just doesn't tell us what could possibly cause this unreproduceable issue in 1.8.

from haproxy.

We ran into this issue in production as well.
May I strongly suggest updating docs for http-send-name-header to indicate that option http-buffer-request is highly recommended?

from haproxy.

Are you able to get a reliable reproducer ? I'm very interested, because I don't see in the code any valid reason for the workaround to be a real fix and I really suspect it makes it harder for the bug to appear. I would really like to be certain to address it. I'm even fine with automatically enabling http-buffer-request when http-send-name-header is set, but for this I need to understand how the bug appears.

So if you manage to take a capture of the client's request or to have a reliable reproducer, I'm all ears open!

from haproxy.

@hellofornow, what is your HAProxy version ? Please, provide the output of haproxy -vv. A reproducer with a minimal configuration would be the best of course. Thanks.

from haproxy.

HA-Proxy version 1.8.8-1ubuntu0.4 2019/01/24
Copyright 2000-2018 Willy Tarreau <[email protected]>

Build options :
  TARGET  = linux2628
  CPU     = generic
  CC      = gcc
  CFLAGS  = -g -O2 -fdebug-prefix-map=/build/haproxy-Mxbbv4/haproxy-1.8.8=. -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
  OPTIONS = USE_GETADDRINFO=1 USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_SYSTEMD=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_NS=1

Default settings :
  maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200

Built with OpenSSL version : OpenSSL 1.1.0g  2 Nov 2017
Running on OpenSSL version : OpenSSL 1.1.0g  2 Nov 2017
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports : TLSv1.0 TLSv1.1 TLSv1.2
Built with Lua version : Lua 5.3.3
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Encrypted password support via crypt(3): yes
Built with multi-threading support.
Built with PCRE version : 8.39 2016-06-14
Running on PCRE version : 8.39 2016-06-14
PCRE library supports JIT : yes
Built with zlib version : 1.2.11
Running on zlib version : 1.2.11
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with network namespace support.

Available polling systems :
      epoll : pref=300,  test result OK
       poll : pref=200,  test result OK
     select : pref=150,  test result OK
Total: 3 (3 usable), will use epoll.

Available filters :
        [SPOE] spoe
        [COMP] compression
        [TRACE] trace

I am working on providing a reproduction repo right now (our production environment is now patched -- removed http-send-name-header)

from haproxy.

Hi,

HAProxy 1.8.8 is one year old. Many bugs were fixed. The version 1.8.20 has been released today. So if you achieve a reproducer with the version 1.8.8, it could be useful to run it against the 1.8.20 too.

from haproxy.

No activity since a while and only reported on a really outdated version now. May be closed

from haproxy.