Le 02/03/2017 à 16:46, Jon Simpson a écrit :
Hi all,
Further to my previous message to the list I can now reliably reproduce
the behaviour where certain requests using authentication headers
receive 503 responses from HAProxy 1.7.3.
We’re making a request twice, once without basic auth (checking that
basic auth is prompted on the URL) and then a second, identical, request
but with the the basic auth Authorization header set. The request body
is textual file content, so these requests are larger than average
GET/POST requests (Content-Length > 3500). We don't see this problem
with smaller requests.
The two requests happen on a single connection to HAProxy as we have
keepalive enabled. The first request is always sent to the backend
successfully and but the second request receives a 503 status from
HAProxy whenever the request size is over a Content-Length of 3500. Just
below this size the 503’s are sporadic and at very small body sizes it
doesn’t happen at all - the request is sent to the backend succesfully.
There are no errors visible by catting the stats socket, and the second
request/503 response is not present in logs at all (using option httplog).
We don't get this behaviour when keeping all other variables the same
(client, request body & HAProxy configuration) using HAProxy 1.6.11.
Thanks in advance for any help anyone can provide.
Hi,
I've quickly tried to reproduce your bug without success. Please, share
you configuration to be sure to do test in the same situation.
It could also be helpful to have a tcpdump for data exchanged between
your client and HAProxy and another one for data exchanged between
HAProxy and your webserver.
If you cannot do a tcpdump, you can use the trace filter by adding the
following line in your frontend/listener section:
filer trace
Then run HAProxy in foreground.
--
Christopher Faulet
