On Thu, Aug 21, 2014 at 8:20 PM, Jeff Buchbinder <[email protected]> wrote: > I have been experiencing an odd phenomena which appears to indicate that > haproxy is mangling certain requests with version 1.5.3. It looks as though > '%' is being reencoded as '%25', such that encodings like '%3D' are being > reencoded as '%253D', etc. I'm using a backend/frontend separated setup. I'm > including a sanitized version of the config below. > > Is there any reason that anyone can divine to explain why that mangling might > be occurring? The same product configuration (without specific application > pools) was implemented with 1.4.x without any issues. > > frontend fe_qa_product_http > bind x.x.x.x:80 > redirect scheme https if !{ ssl_fc } > # Remove X-Powered-By header > rspidel ^X-Powered-By:.*$ > > frontend fe_qa_product_https > bind x.x.x.x:443 ssl crt /etc/ssl/qa.pem > reqadd X-Forwarded-Proto:\ https > acl is_a path_beg -i /a/ > acl is_b path_beg -i /b/ > default_backend be_qa_default > use_backend be_qa_a if is_a > use_backend be_qa_b if is_b > # Remove X-Powered-By header > rspidel ^X-Powered-By:.*$ > option accept-invalid-http-request > option accept-invalid-http-response > # Strip JSESSIONID from static resources > reqirep (.*)(\.css);jsession=.* \1\2 > reqirep (.*)(\.js);jsession=.* \1\2 > reqirep (.*)(\.jpg);jsession=.* \1\2 > reqirep (.*)(\.png);jsession=.* \1\2 > reqirep (.*)(\.wav);jsession=.* \1\2 > > backend be_qa_default > balance leastconn > option httpclose > option forwardfor > cookie JSESSIONID prefix > option httpchk /about.html > server srv1 10.0.x.x:80 check inter 10000 rise 2 fall 5 > server srv2 10.0.x.x:80 check inter 10000 rise 2 fall 5 > > backend be_qa_a > balance leastconn > option httpclose > option forwardfor > cookie JSESSIONID prefix > option httpchk /a/about.html > server srv1 10.0.x.x:80 check inter 10000 rise 2 fall 5 > server srv2 10.0.x.x:80 check inter 10000 rise 2 fall 5 > > backend be_qa_b > balance leastconn > option httpclose > option forwardfor > cookie JSESSIONID prefix > option httpchk /b/about.html > server srv1 10.0.x.x:80 check inter 10000 rise 2 fall 5 > server srv2 10.0.x.x:80 check inter 10000 rise 2 fall 5 > > -- > Jeff Buchbinder > Rave Mobile Safety, Inc > [email protected]
Hi Jeff, What happens when you remove the option accept-invalid-http-request ? Baptiste
