Hello everyone,

We recently bumped our HAproxy deployment to 2.5 and are now getting hit by 
this fix:

MEDIUM: mux-h1: Reject HTTP/1.0 GET/HEAD/DELETE requests with a payload


The issue is we have many legacy customers using very old systems and we can’t 
tell all of them to rewrite their clients to http/1.1.

I get the security fix to prevent request smuggling where some servers ignore 
the body and treat it as another request, I’m not arguing that.

However, I was wondering if it was possible to intercept HTTP/1.0 client 
requests and upgrade them to HTTP/1.1 without hitting the rejection code of the 
commit here: 

This way we would not have to downgrade to HAproxy 2.4 again – which would be 
very unfortunate as we need many of the nice features of 2.5.

Thanks a lot!

Reply via email to