On Thu, 12 Nov 2020 at 12:21, Julien Pivotto <roidelapl...@inuits.eu> wrote:
> Dear,
>
> Please find a patch to add 401 and 403 l7 retries, see
> https://github.com/haproxy/haproxy/issues/948

Hey Julien,

This really feels like an anti-feature, to be frank!

If a specific backend server can’t auth anyone, don’t have it in the pool of servers which process auth requests.

If it can’t auth anyone, only some of the time, take it out of the auth pool based on health checks.

If it can’t auth *some* people, *some* of the time, while other servers can:

A) fix your broken server; don’t enlarge a nice piece of middleware like haproxy!
B) you probably want a redispatch, not a retry; I *think* a retry can end up on the same server, which isn’t what you want. I might be wrong there, though.

I think retry on 4XX, without modifying the request, is a terrible idea. It’s pretty much the opposite of what the HTTP spec says, and isn’t something haproxy should learn how to do :-)

I know it already knows how to do it on 404 (& 408) which I can see a /slight/ rationale for, in a bulk-file-hosting, round-robin-until-a-server-has-a-file situation. That’s still, IMHO, the wrong place for this to be implemented - it should be in-app, not in-proxy.

I genuinely don’t think we should expand the set of 4XX responses that can be automatically retried!

J

> <https://github.com/haproxy/haproxy/issues/948>

--
Jonathan Matthews
https://jpluscplusm.com