Hi,

I think I've found a possible bug with the combination of SSL, compression and NTLM auth. But I'm not sure if it's really a bug or if NTLM auth is crap (well it is...).

When enabling compression the authorization fails sometimes. When I disable compression everything is fine. I don't know if it's just a silly thing to enable compression in this situation. Has anyone else tried this?

I'm running haproxy-dev18-ss-20130512 and my config is like:

defaults
  log global

  mode http

  compression algo gzip

  option http-server-close
  option tcp-smart-accept
  option tcp-smart-connect
  option abortonclose

frontend default-fe
  bind 1.2.3.4:80
  bind a:b:c:d:e:f:80
  bind 1.2.3.4:443 ssl crt /etc/haproxy/ssl/some.pem ciphers RC4:HIGH:!aNULL:!MD5
  bind a:b:c:d:e:f:443 ssl crt /etc/haproxy/ssl/some.pem ciphers RC4:HIGH:!aNULL:!MD5

  maxconn 512

  option httplog
  option forwardfor
  option splice-auto

  # Add X-Forwarded-* headers
  http-request set-header X-Forwarded-Proto https if { ssl_fc }
  http-request set-header X-Forwarded-Ssl on if { ssl_fc }
  http-request set-header X-Forwarded-Proto http if ! { ssl_fc }
  http-request set-header X-Forwarded-Ssl off if ! { ssl_fc }

  # Define hosts which need to redirect to HTTPS
  acl need_ssl hdr(Host) -i iis.host.local

  redirect scheme https if need_ssl ! { ssl_fc }

  # Define backends and redirect correct hostnames
  use_backend iis-backend if { hdr(Host) -i iis.host.local }

backend iis-backend
  fullconn 20

  no option http-server-close
  option httpchk GET / HTTP/1.0

  server iis-stuff 2.3.4.5:80 cookie iis check inter 2000


Regards,

Sander

