Hello, I am trying to clarify in which case a tcp connection might be closed following those rules: - http-request return - http-request deny unless I missed something I have not been able to see the answer within the doc.
General context being, we are using `option http-keep-alive`; also our haproxy is behind another L7 proxy; it means the later do not expect the connection to be loosely closed. [cloud L7 LB] <--> [haproxy] <--> backend >From what I read in https://git.haproxy.org/?p=haproxy.git;a=blob;f=src/http_ana.c;h=2b2cfdc56103f313d766143f9016d91200065092;hb=HEAD#l354 I got: - `http-request return` gets `HTTP_RULE_RES_ABRT`; this flag leads to `return_prx_cond`, which is not calling `http_reply_and_close` - `http-request deny` gets `HTTP_RULE_RES_DENY`; this flag leads to `deny`, which is calling `http_reply_and_close` We are using haproxy v2.4.x but I think the behaviour did not change in an earlier version. Some followup questions: - do we confirm `http-request return` does not close the connection while `http-request deny` does? meaning: - http-request return status 403 - http-request deny don't have the same behaviour? - from what I understood, using http-keep-alive does not influence the behaviour of `http_reply_and_close`, is that correct? - while using `http-request deny` which might close the connection, we see some requests on the cloud LB side being ended in error 502. We suspect those are the next requests, where the cloud LB tried to use the same previous connection. For now it is hard to understand why the cloud LB would not detect the close. Is there a moment where haproxy would loosely close the connection which might explain the behavior? Thanks in advance, -- William
