Re: h2 bad requests

2017-12-28 Thread Sander Klein

Hi Lucas,

On 2017-12-28 22:38, Lucas Rolff wrote:

> Hi Sander,
>
> Which exact browser version do you use?
>
> There’s an ongoing thread already
> (https://www.mail-archive.com/haproxy@formilux.org/msg28333.html)
> regarding the same issue.


I just noticed and was reading up.

I can reproduce this problem on Firefox Quantum 57.0.3, Chrome 
63.0.3239.84, Safari 11.0.2. All on OSX 10.12.6.


It only happens when I post something, but not every time, which makes 
it a bit fishy.


Greets,

Sander



Re: h2 bad requests

2017-12-28 Thread Lucas Rolff
Hi Sander,

Which exact browser version do you use?

There’s an ongoing thread already
(https://www.mail-archive.com/haproxy@formilux.org/msg28333.html) regarding
the same issue.

Best Regards,
Lucas Rolff
 



h2 bad requests

2017-12-28 Thread Sander Klein

Hi,

I'm playing around with http2 on haproxy 1.8.2 but when I enable it I 
get HTTP 400's on some requests. When sending a show errors to the admin 
socket I get no errors at all. Disabling http2 makes the error go away.


The logfile shows:

Dec 28 22:09:02 hostname haproxy[23043]: x.x.x.x:58219 [28/Dec/2017:22:09:02.066] web~ nginx/nginx 0/0/2/-1/10 400 188 - - CH-- 4/2/0/0/0 0/0 {something.nl|Mozilla/5.0 (Mac|1695|https://something.nl/some/path/?_lala=option&_another=option} {} "POST /some/path/?_task=doit&_action=dothisaction HTTP/1.1"


I'm looking for a way to troubleshoot this. My config looks like:

global
    log /dev/log local0
    log /dev/log local1 notice
    chroot /var/lib/haproxy
    stats socket /run/haproxy/admin.sock mode 660 level admin
    stats timeout 30s
    user haproxy
    group haproxy
    daemon

    ssl-default-bind-options no-sslv3 no-tls-tickets
    ssl-default-bind-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

    ssl-default-server-options no-sslv3 no-tls-tickets
    ssl-default-server-ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS

    ssl-server-verify none
    tune.ssl.default-dh-param 4096


defaults
    log global
    mode http
    option  httplog
    option  dontlognull
    timeout connect 5000
    timeout client  5
    timeout server  5
    errorfile 400 /etc/haproxy/errors/400.http
    errorfile 403 /etc/haproxy/errors/403.http
    errorfile 408 /etc/haproxy/errors/408.http
    errorfile 500 /etc/haproxy/errors/500.http
    errorfile 502 /etc/haproxy/errors/502.http
    errorfile 503 /etc/haproxy/errors/503.http
    errorfile 504 /etc/haproxy/errors/504.http


frontend web
    bind x.x.x.x:80
    bind x.x.x.x:443 ssl crt /etc/haproxy/SSL/ strict-sni alpn h2,http/1.1

    bind :xxx::xxx::1:80
    bind :xxx::xxx::1:443 ssl crt /etc/haproxy/SSL/ strict-sni alpn h2,http/1.1


    mode http
    maxconn 4096

    option httplog
    option splice-auto

    capture request header Host len 64
    capture request header User-Agent   len 16
    capture request header Content-Length   len 10
    capture request header Referer  len 256
    capture response header Content-Length  len 10

    acl in_badstuff url_reg -i -f /etc/haproxy/filters/badstuff.reg
    acl in_badstuff url_sub -i -f /etc/haproxy/filters/phpmyadmin.txt
    acl in_badstuff hdr_sub(referer) -i -f /etc/haproxy/filters/referrer.txt

    acl is_host_falco hdr_sub(Host) -i somehost.nl


    use_backend badstuff if in_badstuff
    use_backend nginx-plain if !{ ssl_fc }
    use_backend nginx

backend nginx
    fullconn 128
    mode http

    option abortonclose
    option http-keep-alive

    server nginx 127.0.0.1:443 ssl cookie nginx send-proxy

backend nginx-plain
    fullconn 128
    mode http

    option abortonclose
    option http-keep-alive

    server nginxplain 127.0.0.1:80 cookie nginx-plain send-proxy

backend badstuff
    mode http
    errorfile 503 /etc/haproxy/errors/503.http

Greets,

Sander


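
Added example (not part of the thread and not HAProxy's own code): a small Python parser that splits the log line from the original post into its fields and decodes the timers and the termination state. It assumes the HAProxy 1.8 "option httplog" layout and the four "capture request header" lines from the posted frontend; the function and field names are hypothetical, and the code tables are a subset of the manual's "Session state at disconnection" section.

```python
import re

# Log line from the post, rejoined onto one line (mail wrapping removed).
SAMPLE = ('Dec 28 22:09:02 hostname haproxy[23043]: x.x.x.x:58219 '
          '[28/Dec/2017:22:09:02.066] web~ nginx/nginx 0/0/2/-1/10 400 188 - - CH-- '
          '4/2/0/0/0 0/0 {something.nl|Mozilla/5.0 (Mac|1695|'
          'https://something.nl/some/path/?_lala=option&_another=option} '
          '{} "POST /some/path/?_task=doit&_action=dothisaction HTTP/1.1"')

# Assumed layout: HAProxy 1.8 "option httplog" with request/response captures.
LINE_RE = re.compile(
    r'haproxy\[\d+\]: (?P<client>\S+) \[(?P<accept>[^\]]+)\] (?P<frontend>\S+) '
    r'(?P<backend>[^/\s]+)/(?P<server>\S+) (?P<timers>[-\d/]+) (?P<status>\d{3}) '
    r'(?P<bytes>\+?\d+) \S+ \S+ (?P<term>\S{4}) (?P<conns>[\d/]+) (?P<queues>[\d/]+) '
    r'\{(?P<req_hdrs>[^}]*)\} \{(?P<res_hdrs>[^}]*)\} "(?P<request>[^"]*)"')
TIMERS = ("TR", "Tw", "Tc", "Tr", "Ta")
# Order of the "capture request header" lines in the posted frontend.
CAPTURES = ("Host", "User-Agent", "Content-Length", "Referer")
# First flag: the event that ended the session (subset of the manual's list).
EVENT = {"C": "client aborted the connection", "c": "client-side timeout",
         "S": "server aborted or refused the connection", "s": "server-side timeout",
         "P": "proxy aborted the session", "-": "normal completion"}
# Second flag: what the proxy was doing when that event happened.
STATE = {"R": "waiting for a complete request from the client",
         "Q": "waiting in the queue",
         "C": "waiting for the server connection to establish",
         "H": "waiting for response headers from the server",
         "D": "in the data phase", "-": "normal completion"}

def parse_httplog(line):
    """Split one httplog line into a dict; raise ValueError if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        raise ValueError("not an httplog line in the assumed layout")
    fields = m.groupdict()
    fields["status"] = int(fields["status"])
    fields["timers"] = dict(zip(TIMERS, map(int, fields["timers"].split("/"))))
    fields["req_hdrs"] = dict(zip(CAPTURES, fields["req_hdrs"].split("|")))
    return fields

def triage(fields):
    """Return short findings an operator can read next to the raw line."""
    term = fields["term"]
    notes = [f"{fields['status']} via {fields['backend']}/{fields['server']}",
             "event: " + EVENT.get(term[0], "other, see manual"),
             "state: " + STATE.get(term[1], "other, see manual")]
    unfinished = [name for name, ms in fields["timers"].items() if ms < 0]
    if unfinished:
        notes.append("timers at -1 (phase never completed): " + ", ".join(unfinished))
    return notes
```

Run over a whole log file, the same two functions make it easy to group the 400s by termination state and by captured User-Agent or Content-Length.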