Hi, Finally, after a lot of tests, I identified the "problem". I adapted our application and now, all is ok.
Thanks for your help and your suggestions. Regards, Christophe Le 18/12/12 10:02, « Christophe Rahier » <[email protected]> a écrit : >Hi Cyril, > >Behind haproxy, I have 3 IIS servers. I installed an ISAPI filter called >F5XForwardedFor. > >It's very strange, I don't have any problems with the other >frontend/backend in the same instance. > >I continue to search. > >Thanks for your help!! > > >Christophe > >Le 17/12/12 22:13, « Cyril Bonté » <[email protected]> a écrit : > >>Hi Christophe, >> >>Le 14/12/2012 14:27, Christophe Rahier a écrit : >>> Hi Baptiste, >>> >>> I tried to configure it but I'm not a Linux specialist ;-) >>> >>> Here's what I can find in my log file: >>> >>> Dec 14 14:25:13 lbhatest haproxy[1758]: 212.123.23.228:9163 >>> [14/Dec/2012:14:25:13.233] Managers-Farm~ Managers-Farm/<NOSRV> >>> -1/-1/-1/-1/39 400 210 - - CR-- 0/0/0/0/0 0/0 {} "<BADREQ>" >>> Dec 14 14:25:15 lbhatest haproxy[1758]: 212.123.23.228:9164 >>> [14/Dec/2012:14:25:15.447] Managers-Farm~ Managers-Farm/<NOSRV> >>> -1/-1/-1/-1/18 400 210 - - CR-- 0/0/0/0/0 0/0 {} "<BADREQ>" >>> >>> >>> Does it help you? >> >>I'm not sure those logs concern your "too many redirects". >> >>However, talking about "too many redirects", it makes me think of a >>common issue with applications behind a SSL terminator/accelerator/... >>It can sometimes become a nightmare for the administrators when the >>developers provide their application for the first time :-) >> >>The rule is quite "simple" : you have to know what you're running on the >>backends to know what configuration to apply. Easy to say, I know. >> >>As haproxy is the SSL terminator, your web server receives a plain >>unencrypted HTTP request. Some applications can decide that the HTTP >>request should be immediatly redirected to an URL prefixed with a https >>scheme to secure the communication. And here comes the loop. >> >>To prevent this, it depends on the application (and other intermediary >>modules like mod_jk and others). >>For some applications, simply adding "reqadd X-Forwarded-Proto:\ https" >>in the haproxy configuration will solve the issue. >>In some other cases, adding the header is not sufficient and you have to >>set an environment variable in apache (assuming you're using it). >> >>Example : >> SetEnvIf X-Forwarded-Proto https HTTPS=on >> >>But that's where you have to know what framework is used in your >>application. There is no standard : I've already met some frameworks >>where the value is case sensitive, waiting for : >> HTTPS=ON >>some others waiting for : >> HTTPS=On >>and still some others requiring : >> HTTPS=1 >> >>And I don't talk about frameworks that require something else than >>"X-Forwarded-Proto" ;-) >> >>I hope this will help a bit. >> >>-- >>Cyril Bonté >> > > > >
