Hi Delta, Normal, the returned response is too crappy!!! Your only solution is to switch to TCP mode.
Baptiste On Mon, Dec 30, 2013 at 4:16 PM, Delta Yeh <delta....@gmail.com> wrote: > Thanks you. > I have tried 'option accept-invalid-http-response' both in frontend and > backend, but it doesn't help. > > > > > 2013/12/30 Nenad Merdanovic <ni...@nimzo.info> >> >> Hello, >> >> On 12/30/2013 06:54 AM, Delta Yeh wrote: >> > Hi, >> > >> > In one of my setup, I failed to loadbalance a fortiweb WAF protected >> > website. >> > Haproxy return 502, but the browser works OK. >> > >> > >> > With the help of wireshark, I notice that the response header returned >> > by fortiweb WAF is not RFC compliant: >> > >> > HTTP/1.1 200 OK >> > Date: Mon, 30 Dec 2013 05:40:02 GMT >> > XXXXXXXXXXXXXXXXXXXXXXXXX >> > MicrosoftOfficeWebServer: 5.0_Pub >> > XXXXXXXXXXXXXXXXXXXXX >> > XXXXXXXXXXXXXXXXXXXXXXXXXXX >> > >> > Cache-Control: private >> > Content-Type: text/html; charset=utf-8 >> > Content-Length: 73803 >> > >> > <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" >> > "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> >> > ...... >> > >> > But browser(IE&Firefox) works OK. >> > >> > Can haproxy improve to works smoothly with such security appliance? >> > >> >> You can try using the 'option accept-invalid-http-response' [1] in your >> backend. >> >> > >> > >> > >> > >> > >> > >> > BR, >> > DetaY >> >> [1] >> >> http://cbonte.github.io/haproxy-dconv/configuration-1.5.html#4-option%20accept-invalid-http-response >> >> Regards, >> -- >> Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info >> Linkedin: http://www.linkedin.com/in/nenadmerdanovic > >
