2014-06-04 17:10 GMT+02:00 Nenad Merdanovic <[email protected]>:
> Hello Kevin,
>
> On 06/04/2014 05:05 PM, Willy Tarreau wrote:
> > On Wed, Jun 04, 2014 at 04:49:53PM +0200, Kevin Maziere wrote:
> >>> Anyway, from the various reports we get, it seems like sending an empty
> >>> 408 message is enough to workaround this abnormal Chrome behaviour. For
> >>> this you can proceed like this :
> >>>
> >>> errorfile 408 /dev/null
> >>>
> >> After days of tests it appears that 408 error pages are still happening, but
> >> less frequently.
> >> I don't know how but I can see them on my logs and on my browser.
> >
> > In the logs it's perfectly normal as haproxy reports what has been done,
> > but in the browser, it's really not possible since the error message was
> > replaced with the contents of /dev/null. What might happen is either that
> > some requests go to another haproxy or another server which still emits
> > the error, or that such errors were abusively cached by the client which
> > reports them on closed connection.
> >
> > Regards,
> > Willy
> >
> >
>
> Can you post your latest configuration?
> Here is my conf :
>
# Configuration for haproxy1.5
global
log 127.0.0.1 local0
log 127.0.0.1 local1 notice
maxconn 15000
#debug
#quiet
user haproxy
group haproxy
defaults
log global
mode http
option httplog
#option dontlognull
retries 5
option redispatch
maxconn 15000
option forwardfor
timeout server 30m
timeout connect 5s
timeout client 10s
timeout http-keep-alive 5s
timeout http-request 8s
# Application Frontend
frontend ipv4-127.0.0.1-80
bind 172.16.0.1:80
redirect scheme https code 301 if !{ ssl_fc }
frontend ipv4-127.0.0.1-443
bind 172.16.0.1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
reqadd X-Forwarded-Proto:\ https
option http-server-close
default_backend ipv4-80
frontend ipv4-172_16_0_126-80
bind 172.16.0.126:80
redirect scheme https code 301 if !{ ssl_fc }
frontend ipv4-172_16_0_126-443
bind 172.16.0.126:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
reqadd X-Forwarded-Proto:\ https
option http-server-close
default_backend ipv4-80
frontend ipv6-2000_00_00_00-80
bind 2000:00:00::0:80
redirect scheme https code 301 if !{ ssl_fc }
frontend ipv6-2000_00_00_00-443
bind 2000:00:00::0:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
reqadd X-Forwarded-Proto:\ https
option http-server-close
default_backend ipv6-80
frontend ipv6-2000_11_11_11-80
bind 2000:11:11::1:80
redirect scheme https code 301 if !{ ssl_fc }
frontend ipv6-2000_11_11_11-443
bind 2000:11:11::1:443 ssl crt /etc/haproxy/certs/wildcard.pem ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES128-SHA:AES256-SHA256:AES256-SHA:RC4-SHA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!EDH
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubDomains
reqadd X-Forwarded-Proto:\ https
option http-server-close
default_backend ipv6-80
# Application Backend
backend ipv4-80
balance roundrobin
server pubwebsite01 172.16.0.116:80 weight 1 check inter 5000 rise 2 fall 5
server pubwebsite02 172.16.0.123:80 weight 1 check inter 5000 rise 2 fall 5
backend ipv6-80
balance roundrobin
server pubwebsite01 2000:22:22::22:80 weight 1 check inter 5000 rise 2 fall 5
server pubwebsite02 2000:22:22::23:80 weight 1 check inter 5000 rise 2 fall 5
listen admin 172.16.0.126:1234
mode http
stats uri /
# For Chrome : https://code.google.com/p/chromium/issues/detail?id=85229#c33 and ML haproxy
errorfile 408 /dev/null
> Regards,
> --
> Nenad Merdanovic | PGP: 0x423edcb2 | Web: http://nimzo.info
> Linkedin: http://www.linkedin.com/in/nenadmerdanovic
>
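
HAProxy attaches every directive to the most recent section header, regardless of indentation, so the position of `errorfile 408` decides which listeners return the empty response. The following is an added example, not part of the thread or of HAProxy itself; `errorfile_scope` and both sample configurations are constructed for illustration, and it reports the effective 408 errorfile for each client-facing section:

```python
SECTION_KEYWORDS = {"global", "defaults", "frontend", "backend", "listen"}
CLIENT_FACING = {"frontend", "listen"}  # sections that accept client connections


def errorfile_scope(config_text, status="408"):
    """Map each frontend/listen name to its effective errorfile (None = built-in page)."""
    inherited = None        # value set in the most recent `defaults` section
    kind = name = None
    effective = {}
    for raw in config_text.splitlines():
        words = raw.split("#", 1)[0].split()  # naive comment strip, ignores quoting
        if not words:
            continue
        if words[0] in SECTION_KEYWORDS:
            kind = words[0]
            name = words[1] if len(words) > 1 else None
            if kind == "defaults":
                inherited = None              # a new defaults section starts from scratch
            elif kind in CLIENT_FACING:
                effective[name] = inherited   # defaults are copied when the proxy starts
        elif words[:2] == ["errorfile", status] and len(words) >= 3:
            if kind == "defaults":
                inherited = words[2]
            elif kind in CLIENT_FACING:
                effective[name] = words[2]
    return effective


# Constructed sample: same layout as the configuration posted above, trimmed to
# one frontend; names and addresses are placeholders.
SCOPED_TO_LISTEN = """\
defaults
mode http
timeout http-request 8s
frontend fe-443
bind 192.0.2.10:443
default_backend be-80
backend be-80
server web01 192.0.2.20:80
listen admin 192.0.2.10:1234
stats uri /
errorfile 408 /dev/null
"""

# Same constructed sample with the directive moved into `defaults`.
IN_DEFAULTS = SCOPED_TO_LISTEN.replace("\nerrorfile 408 /dev/null", "").replace(
    "defaults\n", "defaults\nerrorfile 408 /dev/null\n", 1)

if __name__ == "__main__":
    for label, cfg in (("after listen", SCOPED_TO_LISTEN), ("in defaults", IN_DEFAULTS)):
        print(label, errorfile_scope(cfg))
```

Run against the configuration posted above, it reports `/dev/null` only for `admin`, because the directive follows `listen admin` and no `defaults` entry covers the frontends.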