Hi, Willy,
Yesterday we've tested the tunnel mode, we removed all the
"http-server-close" nor "http-close" in the configuration. Haproxy works well
with the content inspection. Now, we can confirm that "content inspection" can
not distinguish "HTTP" and "none http" traffic exactly when we set
"http-server-close" on the http backend.
We use haproxy in a special Scenario,this is to say, we use haproxy as
a classifier and a forward proxy. "http-server-close" is important to us too .
Can you tell us does someway we can make "http-server-close" and "content
inspection" works together?
configuration:
frontend tcp-in
bind :2222
mode tcp
log global
option tcplog
tcp-request inspect-delay 30s
tcp-request content accept if HTTP
use_backend NginxCluster if HTTP
default_backend Direct
backend NginxCluster
mode http
option abortonclose
option http-server-close
balance uri whole
log global
server ngx1 192.168.10.1:80 weight 20 check inter 5s maxconn 10000
server ngx2 192.168.10.2:80 weight 20 check inter 5s maxconn 10000
server ngx3 192.168.10.3:80 weight 20 check inter 5s maxconn 10000
backend Direct
mode tcp
log global
option tcplog
no option httpclose
no option http-server-close
no option accept-invalid-http-response
option transparent
option abortonclose
Regards
Simon
在 2013-7-21,下午6:32, k simon 写道:
> Hi all,
>
> We changed the "http-server-close" to "http-close", and found we resolved
> the problem. Now haproxy can accurate distinguished the "http" and "non http"
> traffic. Obviously content inspection works well with short connection, but
> not long connection. And now, 20k+ "fin_wait_2" and "close wait" state has
> disappeared.
>
>
> Regards
>
> Simon
