Thanks for the quick reply. I fix it by using some iptables rules just as you said. Can it be avoided naturely?
huaqiuyu 2013/5/3 Willy Tarreau <[email protected]> > Hi, > > On Fri, May 03, 2013 at 05:45:45PM +0800, Jianhua Qin wrote: > > hi, all > > > > Go straight to the point > > 1. base information > > haproxy version: 1.4.23 > > ip: 192.168.1.1 > > snippet of haproxy.cfg > > ==== > > *......* > > *frontend tcp_frontend > > bind :3128 > > mode tcp* > > ** > > * tcp-request inspect-delay 3s > > tcp-request content accept if HTTP* > > ** > > * use_backend http_backend if HTTP !HTTP_URL_ABS > > default_backend tcp_backend* > > ** > > *backend tcp_backend > > mode tcp > > option transparent* > > ** > > *backend http_backend > > mode http > > server s1 127.0.0.1:8081* > > *...* > > ==== > > > > 2. when "curl -v -x 192.168.1.1:3128 http://www.sohu.com/";, it is > > horrible... > > ==== > > * PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ > > COMMAND > > 17260 nobody 18 0 151m 45m 456 R 97.7 0.6 25:14.91 haproxy * > > ===== > > VIRT up to 151m, RES up to 45m, and CPU up to 97.7% > > > > 3. config line > > "*use_backend http_backend if HTTP !HTTP_URL_ABS*" > > change to > > "*use_backend http_backend if HTTP*" > > it is ok now, bug the PROXY requests can not be filtered, any suggest? > > I suspect from your configuration that you're making haproxy reconnect > to itself : the "transparent" option in the backend makes it connect > to the original destination ip:port. So unless you used some iptables > rules to force the traffic into haproxy when it as not destinated to > it, I'm quite certain that the backend reconnects to the frontend. > > Willy > >
