Le 13/11/2020 à 09:59, Dmitry Sivachenko a écrit :
Hello!
Consider the following config excerpt:
frontend test-fe
mode tcp
use_backend test-be1 if { path -i -m end /set }
What is the notion of "path" sample at frontend working in TCP mode?
We experimented with haproxy-1.5.18 on Linux sending HTTP queries with path ending with
"/set" and found that this condition sometimes hit, sometimes not. So the
behaviour is random.
Is it expected? At the first glance, I'd expect a warning or even an error
when parsing such a config.
What am I missing?
Hi,
In TCP mode, the HTTP fetches requires an on-demand HTTP parsing. It is
performed on the current content in the buffer. If the HTTP message is
incomplete, the parsing fails. Thus with this configuration, a random result is
expected because it depends if the request headers was all received or not with
the first TCP packet.
What you missed is to use a tcp-request content rule to wait all HTTP request
headers. For instance:
tcp-request inspect-delay 2s
tcp-request content accept if HTTP
This will wait at most 2s to receive all request headers. And it will fail on
the first parsing error (non-HTTP content).
You may also decide to reject all non-HTTP traffic. But in such case, there is
no reason to use a TCP frontend.
--
Christopher Faulet
