Hi Simon,

> We are running HAProxy 1.5-dev17 2012/12/28

you should upgrade to -dev18 or switch to the stable branch, your release
is affected by CVE-2013-1912.



> Here is an example of a response that comes back from the server

This is not a valid HTTP response at all:

- every "cookie" line but the first is missing a header name, multiple
  cookies should look like this:
   Set-Cookie: TestCookie=asd; expires=Fri, 07-Jun-2013 18:04:46 GMT
   Set-Cookie: TestCookie1=asd; expires=Fri, 07-Jun-2013 18:04:46 GMT
   Set-Cookie: TestCookie2=asd; expires=Fri, 07-Jun-2013 18:04:46 GMT

- you are setting the cookie CUSTOMER_SEGMENT_IDS to value "1" 9 times

- at the same time you are deleting that cookie 80 times


The cookies are totally messed up and the response is not HTTP anymore :)



> if one of the headers is invalid, how can I find out which header?

"show errors" [1] on the unix admin socket.



Regards,
Lukas


[1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#show%20errors  
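
The three problems listed in the reply above can be checked offline on a captured response. The following is an added example, not part of the original email and not HAProxy code: `audit_headers`, `is_expired` and the `SAMPLE` response are hypothetical and constructed here, and treating a past `expires` date or `Max-Age<=0` as a cookie deletion is an assumption, since the thread does not show how the server deletes the cookie.

```python
import re
from collections import Counter
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

# A header field name must be an HTTP "token" followed by a colon.
FIELD_NAME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Constructed sample: line 4 has lost its "Set-Cookie:" header name.
SAMPLE = ("HTTP/1.1 200 OK\r\n"
          "Content-Type: text/html\r\n"
          "Set-Cookie: TestCookie=asd; expires=Fri, 07-Jun-2013 18:04:46 GMT\r\n"
          "TestCookie1=asd; expires=Fri, 07-Jun-2013 18:04:46 GMT\r\n"
          "Set-Cookie: CUSTOMER_SEGMENT_IDS=1; path=/\r\n"
          "Set-Cookie: CUSTOMER_SEGMENT_IDS=deleted; "
          "expires=Thu, 01-Jan-1970 00:00:01 GMT\r\n\r\n")

def is_expired(attrs, now):
    """Assumed deletion markers: Max-Age <= 0 or an expires date not after now."""
    for attr in attrs.split(";"):
        key, _, val = attr.strip().partition("=")
        key, val = key.lower(), val.strip()
        if key == "max-age" and val.lstrip("-").isdigit() and int(val) <= 0:
            return True
        if key == "expires":
            try:
                if parsedate_to_datetime(val) <= now:
                    return True
            except (TypeError, ValueError):
                pass  # unparseable or zone-less date: not counted as a delete
    return False

def audit_headers(raw, now):
    """Return (malformed lines, cookies set, cookies deleted) for a header block."""
    bad, sets, deletes = [], Counter(), Counter()
    for lineno, line in enumerate(raw.split("\r\n")[1:], start=2):  # skip status line
        if line == "":
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep or not FIELD_NAME.match(name):
            bad.append((lineno, line))  # no valid "name:" prefix
            continue
        if name.lower() == "set-cookie":
            pair, _, attrs = value.partition(";")
            cookie = pair.strip().partition("=")[0]
            (deletes if is_expired(attrs, now) else sets)[cookie] += 1
    return bad, sets, deletes

if __name__ == "__main__":
    print(audit_headers(SAMPLE, datetime.now(timezone.utc)))
```

A cookie name that appears in both the set and deleted counters of one response is the conflict described in the reply.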
                                  
