Hi,
> My Haproxy.cfg frontend is working with 'mode tcp' like this.. > ---------------------------- > defaults > mode tcp > # mode http > option tcplog > retries 3 > option redispatch > timeout connect 5000 > timeout client 50000 > timeout server 50000 > > frontend all 0.0.0.0:80 > maxconn 2000 > timeout client 50000 > default_backend backserver > ---------------------------- > > And backend is working with 'mode http' like this > ---------------------------- > backend backserver > mode http > balance roundrobin > option http-server-close > option forwardfor > server serv1 192.168.x.x maxconn 1024 > server serv2 192.168.x.x maxconn 1024 > ---------------------------- Is this really the complete configuration? You seem to use http mode on the backend and tcp mode on the frontent, which I'm not sure it supposed to work (it should abort with an error when starting haproxy). Can you remove "mode http" from the backend? > I can understand that Haproxy has accepted invalid http request from client. > But I have 2 questions. > > 1) Does my Haproxy check requests about Http-Level(L7) headers content in > spite of running with 'mode tcp'? > According to the logs from unix-socket, Haproxy seems to check requests > about L7 headers... > I cant understand it why. No, but you seem to run "mode http" on the backend, which is why there is layer 7 processing. You can apply one of this options to avoid dropping invalid requests: - option accept-invalid-http-request in the frontent/default section - option accept-invalid-http-response in the backend/default section - remove "mode http" and use "mode tcp" > 2) Can I simply pass through requests to backend server? > I want to pass through the lots requests without checking to haproxy. Decide whether you want to work at TCP level or HTTP level. You can do it at HTTP level without dropping invalid requests, as you can see above. I would suggest you do not configure tcp mode on the frontend and http mode in the backend, as thats only confusing and the behavior is not fully documented, imho. Regards, Lukas
