Certainly,
```
[~]$ haproxy -vv
HA-Proxy version 1.5.14 2015/07/02
Copyright 2000-2015 Willy Tarreau <[email protected]>
Build options :
TARGET = linux26
CPU = generic
CC = gcc
CFLAGS = -m64 -march=x86-64 -O2 -g -fno-strict-aliasing
OPTIONS = USE_ZLIB=yes USE_OPENSSL=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 8192, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.3
Compression algorithms supported : identity, deflate, gzip
Built with OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
Running on OpenSSL version : OpenSSL 1.0.1e-fips 11 Feb 2013
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 7.8 2008-09-05
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with transparent proxy support using: IP_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
```
And the config:
```
global
    log 127.0.0.1 local0
    log 127.0.0.1 local1 notice
    maxconn 200000
    tune.ssl.default-dh-param 1024
    nbproc 20

defaults
    log global
    mode http
    compression algo gzip
    compression type text/html text/plain
    retries 3
    timeout client 400s
    timeout connect 5s
    timeout server 400s
    timeout tunnel 400s
    option abortonclose
    option redispatch
    option tcpka
    option http-keep-alive
    timeout http-keep-alive 15s
    balance leastconn

listen admin
    bind 192.0.2.200:901
    mode http
    stats uri /
    stats enable

frontend main
    option httplog
    capture request header CF-Connecting-IP len 64
    capture request header CF-Ray len 64
    bind 192.0.2.100:80
    bind 192.0.2.100:443 ssl crt /etc/ssl/certs/example.com ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:ECDH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS:!DH no-sslv3
    maxconn 120000
    reqidel ^x-forwarded-for:.*
    reqidel ^client-ip:.*
    acl static_asset_url url_beg /static/assets
    use_backend example_s3_static_backend if static_asset_url
    acl some_url url_beg /something
    use_backend some_backend if some_url
    redirect scheme https code 301 if !{ ssl_fc }
    acl prod_is_down nbsrv(main_backend) lt 1
    use_backend status_page if prod_is_down
    default_backend main_backend

backend some_backend
    option forwardfor
    option httplog
    reqirep ([\w:]+\s)(\/[\w\d]+)(\/.*) \1\ \3
    option httpchk GET /healthcheck
    server somenode01 192.0.2.1:8282 weight 10 slowstart 1m maxconn 8192 check
    server somenode02 192.0.2.2:8282 weight 10 slowstart 1m maxconn 8192 check

backend main_backend
    option forwardfor
    option httplog
    fullconn 132000
    http-check expect status 200
    cookie SERVERID insert indirect nocache
    option httpchk GET /healthcheck
    server mainnode01 192.0.2.11:443 weight 10 slowstart 1m maxconn 8192 check check-ssl ssl verify none cookie ID1
    server mainnode02 192.0.2.12:443 weight 10 slowstart 1m maxconn 8192 check check-ssl ssl verify none cookie ID2
    server mainnode03 192.0.2.13:443 weight 10 slowstart 1m maxconn 8192 check check-ssl ssl verify none cookie ID3

backend example_s3_static_backend
    option forwardfor
    option httplog
    reqirep ^Host: Host:\ example-static.s3.amazonaws.com
    reqirep ^([^\ :]*)\ (/[^/]+/[^/]+)(.*) \1\ \3
    reqidel ^Authorization:.*
    rspidel ^x-amz-id-2:.*
    rspidel ^x-amz-request-id:.*
    rspidel ^Server:.*
    server aws_s3 example-static.s3-us-west-2.amazonaws.com:443 weight 10 slowstart 1m maxconn 8192 check check-ssl ssl verify required ca-file /etc/ssl/certs/ca-bundle.crt inter 60s

backend status_page
    redirect location http://unavailable.example.com code 307
```
On Thu, Sep 17, 2015 at 12:18 AM, Aleksandar Lazic <[email protected]>
wrote:
> Hi John.
>
> On 17-09-2015 07:03, John Skarbek wrote:
>
>> Good Morning!
>>
>> So recently I went into battle between our CDN provider and our
>> application team due to some HTTP400's coming from somewhere. At first
>> I never suspected haproxy to be at fault due to the way I was grokking
>> our logs. The end result is that I discovered haproxy doesn't log the
>> GET request, but rather only logs a `BADREQ` with a termination state of
>> `PR--`. Which based on reading documentation haproxy isn't going to log
>> a 414, but instead a 400. I ponder if this is due to something being
>> truncated forcing haproxy to see a malformed request.
>>
>> Digging into documentation, I glossed over the fact that the default
>> buffer size isn't 16k, but actually a lower 8192. Unfortunately my
>> fault, reading quickly got me to this point. But due to reading further
>> the following statement is where I finally have a question; under the
>> config item tune.maxrewrite:
>>
>> "...It is generally wise to set it to about 1024. It is automatically
>> readjusted to half of bufsize if it is larger than that. This means you
>> don't have to worry about it when changing bufsize"
>>
>
> Please can you post the output of haproxy -vv and the anonymized
> configuration, thanks.
>
> [snipp]
>
> BR Aleks
>
--
John T Skarbek | [email protected]
Infrastructure Engineer, Engineering
1101 Haynes Street, Suite 105, Raleigh, NC 27604
720.921.8126 Office
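
The `BADREQ` / `PR--` lines discussed in this thread can be pulled out of an `option httplog` log and set against the buffer limits reported by `haproxy -vv`; HAProxy's first read never fills more than bufsize minus maxrewrite, so a request line plus headers larger than that is refused with a 400. The script below is an added example, not code from the thread: the log lines are constructed, and `header_room` and `proxy_rejections` are hypothetical helper names.

```python
import re
from collections import Counter

# Constructed sample in "option httplog" format (not taken from the thread).
SAMPLE_LOG = """\
Sep 17 06:01:02 lb01 haproxy[2101]: 198.51.100.7:51234 [17/Sep/2015:06:01:02.113] main main_backend/mainnode01 3/0/1/25/29 200 5120 - - --NI 12/12/3/1/0 0/0 {203.0.113.5|0a1b2c3d4e5f6071} "GET /account HTTP/1.1"
Sep 17 06:01:05 lb01 haproxy[2101]: 198.51.100.9:40022 [17/Sep/2015:06:01:05.870] main main/<NOSRV> -1/-1/-1/-1/12 400 187 - - PR-- 11/11/0/0/0 0/0 {|} "<BADREQ>"
Sep 17 06:01:09 lb01 haproxy[2101]: 198.51.100.8:40100 [17/Sep/2015:06:01:04.001] main main/<NOSRV> -1/-1/-1/-1/5001 408 212 - - cR-- 10/10/0/0/0 0/0 {|} "<BADREQ>"
Sep 17 06:01:11 lb01 haproxy[2101]: 198.51.100.9:40031 [17/Sep/2015:06:01:11.402] main main/<NOSRV> -1/-1/-1/-1/9 400 187 - - PR-- 11/11/0/0/0 0/0 {|} "<BADREQ>"
"""

LINE = re.compile(
    r'haproxy\[\d+\]: (?P<ip>[\d.]+):\d+ \[[^\]]+\] (?P<fe>\S+) '
    r'(?P<be>[^/\s]+)/(?P<srv>\S+) \S+ (?P<status>-1|\d{3}) \S+ \S+ \S+ '
    r'(?P<term>\S{4}) \S+ \S+ (?:\{[^}]*\} )*"(?P<req>.*)"$'
)


def header_room(bufsize, maxrewrite):
    """Bytes left for the request line plus headers on the first read."""
    # Per the tune.maxrewrite text quoted in the thread, the reserve is
    # readjusted to half of bufsize when it is larger than that.
    return bufsize - min(maxrewrite, bufsize // 2)


def proxy_rejections(log_text):
    """Count, per source address, the requests HAProxy itself refused to parse."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if m is None:
            continue  # not an HTTP-format log line
        # P = session aborted by the proxy, R = while waiting for a valid request
        if m['req'] == '<BADREQ>' and m['status'] == '400' and m['term'].startswith('PR'):
            hits[m['ip']] += 1
    return hits


if __name__ == '__main__':
    # Values from the "Default settings" line of the haproxy -vv output above.
    print('request line + headers must fit in', header_room(16384, 8192), 'bytes')
    for ip, n in proxy_rejections(SAMPLE_LOG).most_common():
        print(ip, n)
```

Behind a CDN, as in the posted config, the source address on these lines is the CDN edge rather than the end client. The 408 `cR--` line in the sample is a client timeout and is deliberately not counted.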