Hi,

In order to be able to process layer 7 manipulation (what you want to
achieve) for *each* request, then you must enable http mode on your
frontebd/backend and to enable the option http-server-close.

cheers

On Thu, Oct 27, 2011 at 12:21 AM, Vivek Malik <vivek.ma...@gmail.com> wrote:
> The documentation also says
>
> In HTTP mode, it is possible to rewrite, add or delete some of the request
> and
> response headers based on regular expressions. It is also possible to block
> a
> request or a response if a particular header matches a regular expression,
> which is enough to stop most elementary protocol attacks, and to protect
> against information leak from the internal network. But there is a
> limitation
> to this : since HAProxy's HTTP engine does not support keep-alive, only
> headers
> passed during the first request of a TCP session will be seen. All
> subsequent
> headers will be considered data only and not analyzed. Furthermore, HAProxy
> never touches data contents, it stops analysis at the end of headers.
>
> The above confuses me about keep-alive. Please suggest if this applies in
> http mode.
>
> On Wed, Oct 26, 2011 at 6:15 PM, Vincent Bernat <ber...@luffy.cx> wrote:
>>
>> OoO En cette  nuit nuageuse du jeudi 27 octobre  2011, vers 00:02, Vivek
>> Malik <vivek.ma...@gmail.com> disait :
>>
>> > We have been using haproxy in production for around 6 months while
>> > using httpclose. We use functions like reqidel, reqadd to manipulate
>> > request headers and use_backend to route a request to a specific
>> > backend.
>>
>> > We run websites which often have ajax calls and load javascripts and
>> > css files from the server. Thinking about keep alive, I think it
>> > would be desired to keep client side keep alive so that they can
>> > reuse connections to load images, javascript, css and make ajax calls
>> > over it.
>>
>> > From a haproxy request processing and manipulating perspective, Is
>> > there a difference between http-server-close and httpclose? Would
>> > reqadd/reqidel/use_backend work on subsequent requests during client
>> > side keep alive too?
>>
>> Yes. From the documentation:
>>
>> ,----
>> | By default HAProxy operates in a tunnel-like mode with regards to
>> persistent
>> | connections: for each connection it processes the first request and
>> forwards
>> | everything else (including additional requests) to selected server. Once
>> | established, the connection is persisted both on the client and server
>> | sides. Use "option http-server-close" to preserve client persistent
>> connections
>> | while handling every incoming request individually, dispatching them one
>> after
>> | another to servers, in HTTP close mode. Use "option httpclose" to switch
>> both
>> | sides to HTTP close mode. "option forceclose" and "option
>> | http-pretend-keepalive" help working around servers misbehaving in HTTP
>> close
>> | mode.
>> `----
>> --
>> Vincent Bernat ☯ http://vincent.bernat.im
>>
>> Make sure input cannot violate the limits of the program.
>>            - The Elements of Programming Style (Kernighan & Plauger)
>
>

Reply via email to