Hello, On 12/30/2013 06:54 AM, Delta Yeh wrote: > Hi, > > In one of my setup, I failed to loadbalance a fortiweb WAF protected > website. > Haproxy return 502, but the browser works OK. > > > With the help of wireshark, I notice that the response header returned > by fortiweb WAF is not RFC compliant: > > HTTP/1.1 200 OK > Date: Mon, 30 Dec 2013 05:40:02 GMT > XXXXXXXXXXXXXXXXXXXXXXXXX > MicrosoftOfficeWebServer: 5.0_Pub > XXXXXXXXXXXXXXXXXXXXX > XXXXXXXXXXXXXXXXXXXXXXXXXXX > > Cache-Control: private > Content-Type: text/html; charset=utf-8 > Content-Length: 73803 > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > ...... > > But browser(IE&Firefox) works OK. > > Can haproxy improve to works smoothly with such security appliance? >
You can try using the 'option accept-invalid-http-response' [1] in your backend. > > > > > > > BR, > DetaY [1] http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20accept-invalid-http-response Regards, -- Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info Linkedin: http://www.linkedin.com/in/nenadmerdanovic
