Delta, Please let us know Fortinet's answer here.
Baptiste On Tue, Dec 31, 2013 at 7:41 AM, Delta Yeh <[email protected]> wrote: > Hi Willy, > > Yeah, I agree with you. I report it only to make haproxy team know this side > case. > I have contacted fortinet's tech to check if this is the "feature" of > fortiweb product or product configuration mistake. > > BR, > DeltaY > > > > 2013/12/31 Willy Tarreau <[email protected]> >> >> On Tue, Dec 31, 2013 at 02:04:02PM +0800, Delta Yeh wrote: >> > Hi Lukas, >> > I know the response is crappy like Baptiste said. >> > But as a reverse proxy, nginx works OK for this website, it would be >> > better if haproxy also works for such website. >> > >> > The debug output of wget is: >> >> Could you please provide a PCAP output instead ? Your copy-paste is >> clearly missing some parts. The fact that some "headers" are left in >> the body should not block anything, they will just be delivered as a >> body to the client. So there's something else. >> >> Also, the fact that proxy X or browser Y accepts to deliver non-compliant >> contents isn't a good sign in general, it often means that it's vulnerable >> to security issues. Just like haproxy when you enable option >> "accept-invalid-http-responses". If someone told me that haproxy works >> with >> this option and squid does not, I would not consider it squid's fault. >> >> And as Lukas said, please check with Fortinet's support, this bug seems >> so huge that it there's obviously a fix already. >> >> Best regards, >> Willy >> >
