On 13 Nov 00:12, Jonathan Matthews wrote:
> On Thu, 12 Nov 2020 at 12:21, Julien Pivotto <[email protected]> wrote:
>
> > Dear,
> >
> > Please find a patch to add 401 and 403 l7 retries, see
> > https://github.com/haproxy/haproxy/issues/948
> >
> Hey Julien,
>
> This really feels like an anti-feature, to be frank!
>
> If a specific backend server can’t auth anyone, don’t have it in the pool
> of servers which process auth requests.
>
> If it can’t auth anyone, only some of the time, take it out of the auth
> pool based on health checks.
>
> If it can’t auth *some* people, *some* of the time, while other servers can:
>
> A) fix your broken server; don’t enlarge a nice piece of middleware like
> haproxy!
> B) you probably want a redispatch, not a retry; I *think* a retry can end
> up on the same server, which isn’t what you want. I might be wrong there,
> though.

You can't redispatch without retry.

> I think retry on 4XX, without modifying the request, is a terrible idea.
> It’s pretty much the opposite of what the HTTP spec says, and isn’t
> something haproxy should learn how to do :-)
>
> I know it already knows how to do it on 404 (& 408) which I can see a
> /slight/ rationale for, in a bulk-file-hosting,
> round-robin-until-a-server-has-a-file situation. That’s still, IMHO, the
> wrong place for this to be implemented - it should be in-app, not in-proxy.
> I genuinely don’t think we should expand the set of 4XX responses that can
> be automatically retried!
>
> J

It is not the first time I hit arbitrary code selection limitation by
HAProxy.

I think that it should be up to the user/admin to decide what they can
do, and that HAProxy should empower them to do so.

I am not willing to expose all the details why I exactly need this.

I am not up for a long debate about the patch however. It is open source
software, I will carry the patch in my setup as long as I need it. If
the broader community does not want the patch, so be it.

Thanks.

> > > <https://github.com/haproxy/haproxy/issues/948>
>
> --
> Jonathan Matthews
> https://jpluscplusm.com

--
 (o-    Julien Pivotto
 //\    Open-Source Consultant
 V_/_   Inuits - https://www.inuits.eu

