On 27 Nov 00:39, Lukas Tribus wrote: > On Wed, Nov 27, 2019 at 12:36 AM Julien Pivotto <roidelapl...@inuits.eu> > wrote: > > > > On 27 Nov 00:31, Lukas Tribus wrote: > > > Hello Julien, > > > > > > > > > > > > On Wed, Nov 27, 2019 at 12:21 AM Julien Pivotto <roidelapl...@inuits.eu> > > > wrote: > > > > Haproxy 2.1 blocks a response with PH-- if the response has a Host > > > > header. > > > > > > A Host header belongs to the request, not the response. Haproxy 2.1 is > > > more strict in that regard. You can configure "option > > > accept-invalid-http-response" to ignore it. > > > > > > That said, I'm not sure this was really the intention of the change in > > > question (commit 531b83e03 "MINOR: h1: Reject requests if the > > > authority does not match the header host"). Christopher? > > > > > > > > > Lukas > > > > I tried this option after finding that commit, but it does not work. > > > > I know that that header belongs to requests normally but in this case we > > have a backend that sends it in the response. > > I just tried it, it does work, but it needs to be > option accept-invalid-http-response > > not > option accept-invalid-http-request > > as mentioned in the commit, because this is about the server response, > not the client request.
Yes indeed. I tested too and it works. I indeed tried accept-invalid-http-request like in the commit message instead of accept-invalid-http-response. My concern with the workaround is that there might be huge side effects. Thank you :) > > > Lukas -- (o- Julien Pivotto //\ Open-Source Consultant V_/_ Inuits - https://www.inuits.eu
Description: PGP signature