Hi James, On Thu, May 02, 2013 at 04:55:16PM +0100, James Bensley wrote: > Hi all, > > I have configured haproxy using the below configuration. No matter > what URL I browser to I always receive a HTTP 200 response to my > browser. If I comment out the ACL and three monitor lines from the > frontend configuration, normal behaviour is resumed. I have that gut > feeling that I have done something obviously wrong, but I can't spot > it :) > > Where am I going wrong with this? I assume that haproxy captures > requests to /checkuri and sends back HTTP 200 when at least 2 back end > servers are up (which they are, I can see the requests coming into > them) and 503 when one or more is down. Otherwise, all other requests > are passed directly to the back end servers. It seems to be > intercepting whatever URI I request via GET and returns HTTP 200 OK, > nothing reaches the back end servers when the monitor URI is > configured. > > frontend monitor-http-servers > > bind 1.2.3.4:80 > > acl backend_down nbsrv(http--servers) lt 2 # HAProxy can see lee than > 2 backend servers > monitor-uri /checkuri > monitor-net 172.22.0.0/24 > monitor fail if backend_down
As explained in the doc, "monitor-net" unconditionally returns 200 to all connections coming from the specified network. If your request comes from another network, then "monitor fail" will apply to requests matching "monitor-uri". I must confess it's the first time I see the two mechanisms mixed and that's a bit confusing. Still, as you can see in the doc, monitor-net doesn't even give you a chance to reach monitor-uri : In HTTP mode, a connection coming from a source matching <source> will be accepted, the following response will be sent without waiting for a request, then the connection will be closed : "HTTP/1.0 200 OK". Simply remove this monitor-net statement and it should work as expected. Willy
