Hi, everybody!

I'm facing an issue with a somewhat weird/broken client and I'm looking for
some advise on it.

The client opens a HTTPS session and sends its request (POST data in my
case). The HTTPS part is fine. The POST data is small, so it fits into a
single TCP packet, which arrives with ACK,PSH,FIN flags set. HAProxy
diligently responds with FIN,ACK and closes the client connection, not
sending anything to the backend server. It also logs the request as CR--
which seems proper.

There is nothing specific in my HAProxy setup in this case, default config
with a single frontend/backend. I'm on 1.8 series.

I'm aware that sending a FIN on a TLS connection violates the TLS RFC, but
I suspect that such a client would do the same on a non-TLS connection too.
It brings me to the question, is there a way to tell HAProxy not to close a
client connection upon receipt of FIN on the client side if there is an
unserved HTTP request, but rather keep the client connection half-open
until the backend responds? The issue I'm facing is likely exacerbated  by
the fact that client sends FIN together with the HTTP request, so there is
no backend connection yet when HAProxy decides to close the client

Any ideas will he much appreciated. I'm open to testing config
changes/patches if needed (or even writing one with some guidance).


Assen Totin

Reply via email to