I have been experiencing an odd phenomena which appears to indicate that
haproxy is mangling certain requests with version 1.5.3. It looks as though '%'
is being reencoded as '%25', such that encodings like '%3D' are being reencoded
as '%253D', etc. I'm using a backend/frontend separated setup. I'm including a
sanitized version of the config below.
Is there any reason that anyone can divine to explain why that mangling might
be occurring? The same product configuration (without specific application
pools) was implemented with 1.4.x without any issues.
frontend fe_qa_product_http
bind x.x.x.x:80
redirect scheme https if !{ ssl_fc }
# Remove X-Powered-By header
rspidel ^X-Powered-By:.*$
frontend fe_qa_product_https
bind x.x.x.x:443 ssl crt /etc/ssl/qa.pem
reqadd X-Forwarded-Proto:\ https
acl is_a path_beg -i /a/
acl is_b path_beg -i /b/
default_backend be_qa_default
use_backend be_qa_a if is_a
use_backend be_qa_b if is_b
# Remove X-Powered-By header
rspidel ^X-Powered-By:.*$
option accept-invalid-http-request
option accept-invalid-http-response
# Strip JSESSIONID from static resources
reqirep (.*)(\.css);jsession=.* \1\2
reqirep (.*)(\.js);jsession=.* \1\2
reqirep (.*)(\.jpg);jsession=.* \1\2
reqirep (.*)(\.png);jsession=.* \1\2
reqirep (.*)(\.wav);jsession=.* \1\2
backend be_qa_default
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
option httpchk /about.html
server srv1 10.0.x.x:80 check inter 10000 rise 2 fall 5
server srv2 10.0.x.x:80 check inter 10000 rise 2 fall 5
backend be_qa_a
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
option httpchk /a/about.html
server srv1 10.0.x.x:80 check inter 10000 rise 2 fall 5
server srv2 10.0.x.x:80 check inter 10000 rise 2 fall 5
backend be_qa_b
balance leastconn
option httpclose
option forwardfor
cookie JSESSIONID prefix
option httpchk /b/about.html
server srv1 10.0.x.x:80 check inter 10000 rise 2 fall 5
server srv2 10.0.x.x:80 check inter 10000 rise 2 fall 5
--
Jeff Buchbinder
Rave Mobile Safety, Inc
[email protected]
