Hi, In order to be able to process layer 7 manipulation (what you want to achieve) for *each* request, then you must enable http mode on your frontebd/backend and to enable the option http-server-close.
cheers On Thu, Oct 27, 2011 at 12:21 AM, Vivek Malik <[email protected]> wrote: > The documentation also says > > In HTTP mode, it is possible to rewrite, add or delete some of the request > and > response headers based on regular expressions. It is also possible to block > a > request or a response if a particular header matches a regular expression, > which is enough to stop most elementary protocol attacks, and to protect > against information leak from the internal network. But there is a > limitation > to this : since HAProxy's HTTP engine does not support keep-alive, only > headers > passed during the first request of a TCP session will be seen. All > subsequent > headers will be considered data only and not analyzed. Furthermore, HAProxy > never touches data contents, it stops analysis at the end of headers. > > The above confuses me about keep-alive. Please suggest if this applies in > http mode. > > On Wed, Oct 26, 2011 at 6:15 PM, Vincent Bernat <[email protected]> wrote: >> >> OoO En cette nuit nuageuse du jeudi 27 octobre 2011, vers 00:02, Vivek >> Malik <[email protected]> disait : >> >> > We have been using haproxy in production for around 6 months while >> > using httpclose. We use functions like reqidel, reqadd to manipulate >> > request headers and use_backend to route a request to a specific >> > backend. >> >> > We run websites which often have ajax calls and load javascripts and >> > css files from the server. Thinking about keep alive, I think it >> > would be desired to keep client side keep alive so that they can >> > reuse connections to load images, javascript, css and make ajax calls >> > over it. >> >> > From a haproxy request processing and manipulating perspective, Is >> > there a difference between http-server-close and httpclose? Would >> > reqadd/reqidel/use_backend work on subsequent requests during client >> > side keep alive too? >> >> Yes. From the documentation: >> >> ,---- >> | By default HAProxy operates in a tunnel-like mode with regards to >> persistent >> | connections: for each connection it processes the first request and >> forwards >> | everything else (including additional requests) to selected server. Once >> | established, the connection is persisted both on the client and server >> | sides. Use "option http-server-close" to preserve client persistent >> connections >> | while handling every incoming request individually, dispatching them one >> after >> | another to servers, in HTTP close mode. Use "option httpclose" to switch >> both >> | sides to HTTP close mode. "option forceclose" and "option >> | http-pretend-keepalive" help working around servers misbehaving in HTTP >> close >> | mode. >> `---- >> -- >> Vincent Bernat ☯ http://vincent.bernat.im >> >> Make sure input cannot violate the limits of the program. >> - The Elements of Programming Style (Kernighan & Plauger) > >
