Thanks you. I have tried 'option accept-invalid-http-response' both in frontend and backend, but it doesn't help.
2013/12/30 Nenad Merdanovic <[email protected]> > Hello, > > On 12/30/2013 06:54 AM, Delta Yeh wrote: > > Hi, > > > > In one of my setup, I failed to loadbalance a fortiweb WAF protected > > website. > > Haproxy return 502, but the browser works OK. > > > > > > With the help of wireshark, I notice that the response header returned > > by fortiweb WAF is not RFC compliant: > > > > HTTP/1.1 200 OK > > Date: Mon, 30 Dec 2013 05:40:02 GMT > > XXXXXXXXXXXXXXXXXXXXXXXXX > > MicrosoftOfficeWebServer: 5.0_Pub > > XXXXXXXXXXXXXXXXXXXXX > > XXXXXXXXXXXXXXXXXXXXXXXXXXX > > > > Cache-Control: private > > Content-Type: text/html; charset=utf-8 > > Content-Length: 73803 > > > > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" > > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> > > ...... > > > > But browser(IE&Firefox) works OK. > > > > Can haproxy improve to works smoothly with such security appliance? > > > > You can try using the 'option accept-invalid-http-response' [1] in your > backend. > > > > > > > > > > > > > > > BR, > > DetaY > > [1] > > http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20accept-invalid-http-response > > Regards, > -- > Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info > Linkedin: http://www.linkedin.com/in/nenadmerdanovic >
