Thanks, this was just for a local virtual environment on my laptop for evaluation purposes so no customers are involved. I had 6 VirtualBox machines in the host only network.
It's a great way to go because I could take a snapshot of my machine before making configuration changes and go back if something went wrong. -----Original Message----- From: "Willy Tarreau" <[email protected]> Sent: 9/18/2013 1:29 To: "James Card" <[email protected]> Cc: "Lukas Tribus" <[email protected]>; "HAProxy" <[email protected]> Subject: Re: Receiving 403 errors with no attempt to communicate with the actual server Hi James, On Mon, Sep 16, 2013 at 05:36:50PM -0400, James Card wrote: > Hi, no unfortunately, it is the OpenAM sample apache policy agent. None of it > is my > code but if I have time I'll see if I can track it down and submit a bug > report to them. > > In the mean time, I found that their sample Tomcat policy agent doesn't > exhibit the > same problem so I'll use that in my evaluation. Incidentally, I did try using > the > TCP mode of haproxy and that seems to work ok with the broken Apache 2.2 > agent. Indeed, TCP mode will let anything pass through since it doesn't care what protocol it is. But the incorrect bytes will be randomly blocked by various components in the chain, starting with proxies, caches, CDN, ... So clearly it is important to avoid such bogus components, otherwise end users will report strange problems that will be extremely hard to track down. So that's nice if you found an alternative! Best regards, Willy
